Sign-up

ID

VAR-201710-0985


CVE

CVE-2017-14972


TITLE

InFocus Mondopad Vulnerabilities in authentication

Trust: 0.8

sources: JVNDB: JVNDB-2017-009416

DESCRIPTION

InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file. InFocus Mondopad Contains an authentication vulnerability.Information may be obtained. InFocusMondopad is a full-featured touch-screen whiteboard from InFocus. An authentication bypass vulnerability exists in the InFocusMondopad version 2.2.08. A remote attacker can exploit this vulnerability to obtain information

Trust: 2.25

sources: NVD: CVE-2017-14972 // JVNDB: JVNDB-2017-009416 // CNVD: CNVD-2017-35250 // VULMON: CVE-2017-14972

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-35250

AFFECTED PRODUCTS

vendor:infocusmodel:mondopadscope:eqversion:2.2.08

Trust: 3.0

sources: CNVD: CNVD-2017-35250 // JVNDB: JVNDB-2017-009416 // CNNVD: CNNVD-201710-648 // NVD: CVE-2017-14972

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14972
value: HIGH

Trust: 1.0

NVD: CVE-2017-14972
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-35250
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201710-648
value: HIGH

Trust: 0.6

VULMON: CVE-2017-14972
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-14972
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-35250
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-14972
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-35250 // VULMON: CVE-2017-14972 // JVNDB: JVNDB-2017-009416 // CNNVD: CNNVD-201710-648 // NVD: CVE-2017-14972

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2017-009416 // NVD: CVE-2017-14972

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-648

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201710-648

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009416

PATCH
title:Mondopadurl:https://www.infocus.com/mondopad-series
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-009416

EXTERNAL IDS
db:NVDid:CVE-2017-14972
Trust: 3.1
db:JVNDBid:JVNDB-2017-009416
Trust: 0.8
db:CNVDid:CNVD-2017-35250
Trust: 0.6
db:CNNVDid:CNNVD-201710-648
Trust: 0.6
db:VULMONid:CVE-2017-14972
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-35250 // 
            
            
            
            VULMON: CVE-2017-14972 // 
            
            
            
            JVNDB: JVNDB-2017-009416 // 
            
            
            
            CNNVD: CNNVD-201710-648 // 
            
            
            
            NVD: CVE-2017-14972

REFERENCES
url:https://raw.githubusercontent.com/badbiddy/vulnerability-disclosure/master/infocus%20mondopad%20%3c%202.2.08%20-%20cve-2017-14972
Trust: 1.8
url:https://raw.githubusercontent.com/badbiddy/vulnerability-disclosure/master/infocus%20mondopad%20
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14972
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-14972
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/287.html
Trust: 0.1
url:https://raw.githubusercontent.com/badbiddy/vulnerability-disclosure/master/infocus%20mondopad%20<%202.2.08%20-%20cve-2017-14972
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-35250 // 
            
            
            
            VULMON: CVE-2017-14972 // 
            
            
            
            JVNDB: JVNDB-2017-009416 // 
            
            
            
            CNNVD: CNNVD-201710-648 // 
            
            
            
            NVD: CVE-2017-14972

SOURCES
db:CNVDid:CNVD-2017-35250
db:VULMONid:CVE-2017-14972
db:JVNDBid:JVNDB-2017-009416
db:CNNVDid:CNNVD-201710-648
db:NVDid:CVE-2017-14972

LAST UPDATE DATE
2025-04-20T23:04:07.335000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-35250date:2017-11-28T00:00:00
db:VULMONid:CVE-2017-14972date:2019-05-07T00:00:00
db:JVNDBid:JVNDB-2017-009416date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201710-648date:2019-05-14T00:00:00
db:NVDid:CVE-2017-14972date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-35250date:2017-11-28T00:00:00
db:VULMONid:CVE-2017-14972date:2017-10-09T00:00:00
db:JVNDBid:JVNDB-2017-009416date:2017-11-10T00:00:00
db:CNNVDid:CNNVD-201710-648date:2017-10-09T00:00:00
db:NVDid:CVE-2017-14972date:2017-10-09T05:29:00.290