Sign-up

ID

VAR-201710-0984


CVE

CVE-2017-14971


TITLE

Infocus Mondopad Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-35249 // CNNVD: CNNVD-201710-649

DESCRIPTION

Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Microsoft Office document containing a link that has a UNC pathname associated with an attacker-controller server. In one specific scenario, the attacker provides an Excel spreadsheet, and the attacker-controller server receives the victim's NetNTLMv2 hash. InFocusMondopad is a full-featured touch-screen whiteboard from InFocus

Trust: 2.16

sources: NVD: CVE-2017-14971 // JVNDB: JVNDB-2017-009415 // CNVD: CNVD-2017-35249

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-35249

AFFECTED PRODUCTS

vendor:infocuscorpmodel:infocus mondopadscope:eqversion:2.2.08

Trust: 1.6

vendor:infocusmodel:mondopadscope:eqversion:2.2.08

Trust: 1.4

sources: CNVD: CNVD-2017-35249 // JVNDB: JVNDB-2017-009415 // CNNVD: CNNVD-201710-649 // NVD: CVE-2017-14971

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14971
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-14971
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-35249
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201710-649
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-14971
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-35249
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-14971
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-35249 // JVNDB: JVNDB-2017-009415 // CNNVD: CNNVD-201710-649 // NVD: CVE-2017-14971

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-009415 // NVD: CVE-2017-14971

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-649

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201710-649

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009415

PATCH
title:Mondopadurl:https://www.infocus.com/mondopad-series
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-009415

EXTERNAL IDS
db:NVDid:CVE-2017-14971
Trust: 3.0
db:JVNDBid:JVNDB-2017-009415
Trust: 0.8
db:CNVDid:CNVD-2017-35249
Trust: 0.6
db:CNNVDid:CNNVD-201710-649
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-35249 // 
            
            
            
            JVNDB: JVNDB-2017-009415 // 
            
            
            
            CNNVD: CNNVD-201710-649 // 
            
            
            
            NVD: CVE-2017-14971

REFERENCES
url:https://raw.githubusercontent.com/badbiddy/vulnerability-disclosure/master/infocus%20mondopad%20%3c%202.2.08%20-%20cve-2017-14971
Trust: 3.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14971
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-14971
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2017-35249 // 
            
            
            
            JVNDB: JVNDB-2017-009415 // 
            
            
            
            CNNVD: CNNVD-201710-649 // 
            
            
            
            NVD: CVE-2017-14971

SOURCES
db:CNVDid:CNVD-2017-35249
db:JVNDBid:JVNDB-2017-009415
db:CNNVDid:CNNVD-201710-649
db:NVDid:CVE-2017-14971

LAST UPDATE DATE
2025-04-20T23:19:45.646000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-35249date:2017-11-28T00:00:00
db:JVNDBid:JVNDB-2017-009415date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201710-649date:2017-11-09T00:00:00
db:NVDid:CVE-2017-14971date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-35249date:2017-11-28T00:00:00
db:JVNDBid:JVNDB-2017-009415date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201710-649date:2017-10-09T00:00:00
db:NVDid:CVE-2017-14971date:2017-10-09T05:29:00.197