ID

VAR-201711-0141


CVE

CVE-2017-12084


TITLE

Circle with Disney firmware vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-009985

DESCRIPTION

A backdoor vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server. The Circle with Disney firmware contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Circle with Disney is a network monitoring and management device used by Circle Media of the United States to monitor children's online behavior.

Trust: 2.25

sources: NVD: CVE-2017-12084 // JVNDB: JVNDB-2017-009985 // CNVD: CNVD-2017-33182 // VULHUB: VHN-102571

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33182

AFFECTED PRODUCTS

vendor: meetcircle
model: circle with disney
scope: eq
version: 2.0.1

Trust: 1.6

vendor: circle media
model: with disney
scope: eq
version: 2.0.1

Trust: 0.8

vendor: circle
model: media circle with disney
scope: eq
version: 2.0.1

Trust: 0.6

sources: CNVD: CNVD-2017-33182 // JVNDB: JVNDB-2017-009985 // CNNVD: CNNVD-201711-106 // NVD: CVE-2017-12084

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12084
value: MEDIUM

Trust: 1.0

talos-cna@cisco.com: CVE-2017-12084
value: HIGH

Trust: 1.0

NVD: CVE-2017-12084
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-33182
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-106
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102571
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12084
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-33182
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:H/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102571
severity: MEDIUM
baseScore: 6.0
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12084
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.7
impactScore: 5.9
version: 3.0

Trust: 1.8

talos-cna@cisco.com: CVE-2017-12084
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.3
impactScore: 6.0
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2017-33182 // VULHUB: VHN-102571 // JVNDB: JVNDB-2017-009985 // CNNVD: CNNVD-201711-106 // NVD: CVE-2017-12084 // NVD: CVE-2017-12084

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-102571 // JVNDB: JVNDB-2017-009985 // NVD: CVE-2017-12084

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-106

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201711-106

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009985

PATCH

title: Top Page
url: https://meetcircle.com/circle/

Trust: 0.8

title: Patch for Circle with Disney Remote Access Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/105679

Trust: 0.6

title: Circle with Disney Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100150

Trust: 0.6

sources: CNVD: CNVD-2017-33182 // JVNDB: JVNDB-2017-009985 // CNNVD: CNNVD-201711-106

EXTERNAL IDS

db: NVD
id: CVE-2017-12084

Trust: 3.1

db: TALOS
id: TALOS-2017-0436

Trust: 3.1

db: JVNDB
id: JVNDB-2017-009985

Trust: 0.8

db: CNNVD
id: CNNVD-201711-106

Trust: 0.7

db: CNVD
id: CNVD-2017-33182

Trust: 0.6

db: SEEBUG
id: SSVID-96828

Trust: 0.1

db: VULHUB
id: VHN-102571

Trust: 0.1

sources: CNVD: CNVD-2017-33182 // VULHUB: VHN-102571 // JVNDB: JVNDB-2017-009985 // CNNVD: CNNVD-201711-106 // NVD: CVE-2017-12084

REFERENCES

url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0436

Trust: 3.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12084

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12084

Trust: 0.8

url:https://talosintelligence.com/vulnerability_reports/talos-2017-0436

Trust: 0.6

sources: CNVD: CNVD-2017-33182 // VULHUB: VHN-102571 // JVNDB: JVNDB-2017-009985 // CNNVD: CNNVD-201711-106 // NVD: CVE-2017-12084

CREDITS

Lilith Wyatt, Claudio Bozzato of Cisco Talos

Trust: 0.6

sources: CNNVD: CNNVD-201711-106

SOURCES

db: CNVD, id: CNVD-2017-33182
db: VULHUB, id: VHN-102571
db: JVNDB, id: JVNDB-2017-009985
db: CNNVD, id: CNNVD-201711-106
db: NVD, id: CVE-2017-12084

LAST UPDATE DATE

2025-04-20T23:04:02.802000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-33182, date: 2017-11-08T00:00:00
db: VULHUB, id: VHN-102571, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2017-009985, date: 2017-11-30T00:00:00
db: CNNVD, id: CNNVD-201711-106, date: 2022-04-20T00:00:00
db: NVD, id: CVE-2017-12084, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-33182, date: 2017-11-08T00:00:00
db: VULHUB, id: VHN-102571, date: 2017-11-07T00:00:00
db: JVNDB, id: JVNDB-2017-009985, date: 2017-11-30T00:00:00
db: CNNVD, id: CNNVD-201711-106, date: 2017-10-31T00:00:00
db: NVD, id: CVE-2017-12084, date: 2017-11-07T16:29:00.263