ID

VAR-201711-0031


CVE

CVE-2017-10825


TITLE

Installer of "Flets Easy Setup Tool" may insecurely load Dynamic Link Libraries

Trust: 0.8

sources: JVNDB: JVNDB-2017-000213

DESCRIPTION

Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Arbitrary code may be executed with the privilege of the user invoking the installer. Flets Easy Setup Tool is a Flets easy installation tool from NIPPON TELEGRAPH AND TELEPHONE WEST of Japan. The affected component is its installer. An attacker could exploit the vulnerability with a malicious DLL in the directory to gain access.

Trust: 2.16

sources: NVD: CVE-2017-10825 // JVNDB: JVNDB-2017-000213 // CNVD: CNVD-2017-33286

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33286

AFFECTED PRODUCTS

vendor: flets w, model: easy setup tool, scope: eq, version: 1.2.0

Trust: 1.6

vendor: nippon telegraph and telephone west, model: flets easy setup tool, scope: lte, version: ver1.2.0

Trust: 0.8

vendor: nippon, model: telegraph and telephone west flets easy setup tool, scope: lte, version: <=1.2.0

Trust: 0.6

sources: CNVD: CNVD-2017-33286 // JVNDB: JVNDB-2017-000213 // CNNVD: CNNVD-201711-086 // NVD: CVE-2017-10825

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-10825
value: HIGH

Trust: 1.0

IPA: JVNDB-2017-000213
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-33286
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-086
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-10825
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2017-000213
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-33286
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-10825
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2017-000213
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-33286 // JVNDB: JVNDB-2017-000213 // CNNVD: CNNVD-201711-086 // NVD: CVE-2017-10825

PROBLEMTYPE DATA

problemtype: CWE-426

Trust: 1.0

problemtype: CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2017-000213 // NVD: CVE-2017-10825

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-086

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-086

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-000213

PATCH

title: NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION website, url: http://flets-w.com/topics/setup_tool_vulnerability/

Trust: 0.8

title: FFletsEasySetupToolInstaller patch for untrusted search path vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/105740

Trust: 0.6

title: Flets Easy Setup Tool Installer Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76125

Trust: 0.6

sources: CNVD: CNVD-2017-33286 // JVNDB: JVNDB-2017-000213 // CNNVD: CNNVD-201711-086

EXTERNAL IDS

db: NVD, id: CVE-2017-10825

Trust: 3.0

db: JVN, id: JVN97243511

Trust: 3.0

db: JVNDB, id: JVNDB-2017-000213

Trust: 0.8

db: CNVD, id: CNVD-2017-33286

Trust: 0.6

db: CNNVD, id: CNNVD-201711-086

Trust: 0.6

sources: CNVD: CNVD-2017-33286 // JVNDB: JVNDB-2017-000213 // CNNVD: CNNVD-201711-086 // NVD: CVE-2017-10825

REFERENCES

url:http://flets-w.com/topics/setup_tool_vulnerability/

Trust: 1.6

url:https://jvn.jp/en/jp/jvn97243511/278948/index.html

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10825

Trust: 0.8

url:http://jvn.jp/en/jp/jvn97243511/index.html

Trust: 0.8

url:https://jvn.jp/en/ta/jvnta91240916/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-10825

Trust: 0.8

url:http://jvn.jp/en/jp/jvn97243511/

Trust: 0.6

sources: CNVD: CNVD-2017-33286 // JVNDB: JVNDB-2017-000213 // CNNVD: CNNVD-201711-086 // NVD: CVE-2017-10825

SOURCES

db: CNVD, id: CNVD-2017-33286
db: JVNDB, id: JVNDB-2017-000213
db: CNNVD, id: CNNVD-201711-086
db: NVD, id: CVE-2017-10825

LAST UPDATE DATE

2025-04-20T23:25:55.276000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-33286, date: 2017-11-09T00:00:00
db: JVNDB, id: JVNDB-2017-000213, date: 2018-03-14T00:00:00
db: CNNVD, id: CNNVD-201711-086, date: 2017-11-27T00:00:00
db: NVD, id: CVE-2017-10825, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-33286, date: 2017-11-09T00:00:00
db: JVNDB, id: JVNDB-2017-000213, date: 2017-11-02T00:00:00
db: CNNVD, id: CNNVD-201711-086, date: 2017-11-08T00:00:00
db: NVD, id: CVE-2017-10825, date: 2017-11-02T15:29:00.197