Sign-up

ID

VAR-201704-0898


CVE

CVE-2017-2149


TITLE

Multiple installers of Toshiba memory card related software may insecurely load Dynamic Link Libraries

Trust: 0.8

sources: JVNDB: JVNDB-2017-000069

DESCRIPTION

Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. Multiple installers of Toshiba memory card related software contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Arbitrary code may be executed with the privilege of the user invoking the installer. Toshiba SDHC and SDXC are both memory cards from Toshiba Corporation of Japan. A remote attacker can exploit this vulnerability to gain access. A remote attacker can leverage this issue to execute arbitrary code in the context of the affected application

Trust: 2.97

sources: NVD: CVE-2017-2149 // JVNDB: JVNDB-2017-000069 // CNVD: CNVD-2017-06938 // CNNVD: CNNVD-201704-965 // BID: 97697

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-06938

AFFECTED PRODUCTS

vendor:toshibamodel:flashairscope:lteversion:2.00.03

Trust: 1.0

vendor:toshibamodel:flashairscope:lteversion:3.00.01

Trust: 1.0

vendor:toshibamodel:flashairscope:lteversion:1.00.06

Trust: 1.0

vendor:toshibamodel:flashairscope:lteversion:1.02

Trust: 1.0

vendor:toshibamodel:flashairscope:lteversion:3.0.2

Trust: 1.0

vendor:toshibamodel:flashairscope:lteversion:1.00.04

Trust: 1.0

vendor:toshibamodel:flashairscope:lteversion:1.00.03

Trust: 1.0

vendor:toshibamodel:sdhc memory card with embedded transferjet functionality configuration softwarescope:lteversion:v1.02

Trust: 0.8

vendor:toshibamodel:sdhc memory card with embedded transferjet functionality software update toolscope:lteversion:v1.00.06

Trust: 0.8

vendor:toshibamodel:sdhc memory card with embedded wireless lan functionality flashair configuration softwarescope:lteversion:v3.0.2

Trust: 0.8

vendor:toshibamodel:sdhc memory card with embedded wireless lan functionality flashair software update toolscope:lteversion:(sd-wb/wl series) v1.00.04

Trust: 0.8

vendor:toshibamodel:sdhc memory card with embedded wireless lan functionality flashair software update toolscope:lteversion:(sd-wd/wc series<w-02>) v2.00.03

Trust: 0.8

vendor:toshibamodel:sdhc memory card with embedded wireless lan functionality flashair software update toolscope:eqversion:(sd-we series<w-03>) v3.00.01

Trust: 0.8

vendor:toshibamodel:sdhc/sdxc memory card with embedded nfc functionality software update toolscope:lteversion:v1.00.03

Trust: 0.8

vendor:toshibamodel:sdhc memory cardscope:lteversion:<=v3.0.2

Trust: 0.6

vendor:toshibamodel:sdhc memory cardscope:ltversion:3.00.01

Trust: 0.6

vendor:toshibamodel:sdhc memory cardscope:lteversion:<=v2.00.03

Trust: 0.6

vendor:toshibamodel:sdhc memory cardscope:lteversion:<=v1.00.04

Trust: 0.6

vendor:toshibamodel:sdhc memory cardscope:lteversion:<=v1.02

Trust: 0.6

vendor:toshibamodel:sdhc memory cardscope:lteversion:<=v1.00.06

Trust: 0.6

vendor:toshibamodel:sdhc/sdxc memory cardscope: - version: -

Trust: 0.6

vendor:toshibamodel:flashairscope:eqversion:3.0.2

Trust: 0.6

vendor:toshibamodel:flashairscope:eqversion:2.00.03

Trust: 0.6

vendor:toshibamodel:flashairscope:eqversion:1.00.03

Trust: 0.6

vendor:toshibamodel:flashairscope:eqversion:1.00.04

Trust: 0.6

vendor:toshibamodel:flashairscope:eqversion:1.00.06

Trust: 0.6

vendor:toshibamodel:flashairscope:eqversion:3.00.01

Trust: 0.6

vendor:toshibamodel:flashairscope:eqversion:1.02

Trust: 0.6

vendor:toshibamodel:sdxc memory card with embedded nfc functionality software updatescope:eqversion:1.0.3

Trust: 0.3

vendor:toshibamodel:sdxc memory card with embedded nfc functionality software updatescope:eqversion:0

Trust: 0.3

vendor:toshibamodel:sdhc memory card flashairtm software update toolscope:eqversion:3.0.1

Trust: 0.3

vendor:toshibamodel:sdhc memory card flashairtm software update toolscope:eqversion:0

Trust: 0.3

vendor:toshibamodel:sdhc memory card flashairtm configuration softwarescope:eqversion:3.0.2

Trust: 0.3

vendor:toshibamodel:sdhc memory card flashairtm configuration softwarescope:eqversion:0

Trust: 0.3

vendor:toshibamodel:sdhc memory cardscope:eqversion:1.0.3

Trust: 0.3

vendor:toshibamodel:sdhc memory cardscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2017-06938 // BID: 97697 // JVNDB: JVNDB-2017-000069 // CNNVD: CNNVD-201704-965 // NVD: CVE-2017-2149

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2149
value: HIGH

Trust: 1.0

IPA: JVNDB-2017-000069
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-06938
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201704-965
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2017-2149
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2017-000069
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-06938
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-2149
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2017-000069
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-06938 // JVNDB: JVNDB-2017-000069 // CNNVD: CNNVD-201704-965 // NVD: CVE-2017-2149

PROBLEMTYPE DATA

problemtype:CWE-426

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2017-000069 // NVD: CVE-2017-2149

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-965

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201704-965

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-000069

PATCH
title:Toshiba Corporation websiteurl:http://www.toshiba-personalstorage.net/news/20170414.htm
Trust: 0.8
title:Patches for multiple Toshiba memory card installers that are not trusted for search path vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/93907
Trust: 0.6
title:Multiple Toshiba Repair measures for memory card installer security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69714
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-06938 // 
            
            
            
            JVNDB: JVNDB-2017-000069 // 
            
            
            
            CNNVD: CNNVD-201704-965

EXTERNAL IDS
db:JVNid:JVN05340816
Trust: 3.3
db:NVDid:CVE-2017-2149
Trust: 3.3
db:BIDid:97697
Trust: 2.5
db:JVNDBid:JVNDB-2017-000069
Trust: 0.8
db:CNVDid:CNVD-2017-06938
Trust: 0.6
db:CNNVDid:CNNVD-201704-965
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-06938 // 
            
            
            
            BID: 97697 // 
            
            
            
            JVNDB: JVNDB-2017-000069 // 
            
            
            
            CNNVD: CNNVD-201704-965 // 
            
            
            
            NVD: CVE-2017-2149

REFERENCES
url:http://jvn.jp/en/jp/jvn05340816/index.html
Trust: 3.3
url:http://www.securityfocus.com/bid/97697
Trust: 2.2
url:http://www.toshiba-personalstorage.net/news/20170414.htm
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2149
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2149
Trust: 0.8
url:http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html
Trust: 0.3
url:http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-06938 // 
            
            
            
            BID: 97697 // 
            
            
            
            JVNDB: JVNDB-2017-000069 // 
            
            
            
            CNNVD: CNNVD-201704-965 // 
            
            
            
            NVD: CVE-2017-2149

CREDITS
Yuji Tounai of NTT Communications Corporation.
Trust: 0.9
sources:
            
            
            BID: 97697 // 
            
            
            
            CNNVD: CNNVD-201704-965

SOURCES
db:CNVDid:CNVD-2017-06938
db:BIDid:97697
db:JVNDBid:JVNDB-2017-000069
db:CNNVDid:CNNVD-201704-965
db:NVDid:CVE-2017-2149

LAST UPDATE DATE
2025-04-20T23:25:04.102000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-06938date:2017-05-18T00:00:00
db:BIDid:97697date:2017-04-18T00:07:00
db:JVNDBid:JVNDB-2017-000069date:2017-12-21T00:00:00
db:CNNVDid:CNNVD-201704-965date:2019-10-23T00:00:00
db:NVDid:CVE-2017-2149date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-06938date:2017-05-18T00:00:00
db:BIDid:97697date:2017-04-14T00:00:00
db:JVNDBid:JVNDB-2017-000069date:2017-04-14T00:00:00
db:CNNVDid:CNNVD-201704-965date:2017-04-14T00:00:00
db:NVDid:CVE-2017-2149date:2017-04-28T16:59:01.917