Sign-up

ID

VAR-201711-0142


CVE

CVE-2017-12085


TITLE

Circle with Disney Vulnerabilities related to security functions in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-009986

DESCRIPTION

An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability. Circle with Disney Vulnerabilities related to security functions exist in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CirclewithDisney is a network monitoring and management device used by CircleMedia of the United States to monitor children's online behavior. There is a routing vulnerability in cloudinfrastructure in CirclewithDisney 2.0.1

Trust: 2.25

sources: NVD: CVE-2017-12085 // JVNDB: JVNDB-2017-009986 // CNVD: CNVD-2017-32882 // VULHUB: VHN-102572

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-32882

AFFECTED PRODUCTS

vendor:meetcirclemodel:circle with disneyscope:eqversion:2.0.1

Trust: 1.6

vendor:circle mediamodel:with disneyscope: - version: -

Trust: 0.8

vendor:circlemodel:media circle with disneyscope:eqversion:2.0.1

Trust: 0.6

sources: CNVD: CNVD-2017-32882 // JVNDB: JVNDB-2017-009986 // CNNVD: CNNVD-201711-096 // NVD: CVE-2017-12085

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12085
value: CRITICAL

Trust: 1.0

talos-cna@cisco.com: CVE-2017-12085
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-12085
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-32882
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-096
value: CRITICAL

Trust: 0.6

VULHUB: VHN-102572
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-12085
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-32882
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:H/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102572
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12085
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

talos-cna@cisco.com: CVE-2017-12085
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 6.0
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2017-32882 // VULHUB: VHN-102572 // JVNDB: JVNDB-2017-009986 // CNNVD: CNNVD-201711-096 // NVD: CVE-2017-12085 // NVD: CVE-2017-12085

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-102572 // JVNDB: JVNDB-2017-009986 // NVD: CVE-2017-12085

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-096

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-096

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009986

PATCH
title:Top Pageurl:https://meetcircle.com/circle/
Trust: 0.8
title:CirclewithDisney routing vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/105657
Trust: 0.6
title:Circle with Disney Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76089
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-32882 // 
            
            
            
            JVNDB: JVNDB-2017-009986 // 
            
            
            
            CNNVD: CNNVD-201711-096

EXTERNAL IDS
db:NVDid:CVE-2017-12085
Trust: 3.1
db:TALOSid:TALOS-2017-0437
Trust: 3.1
db:JVNDBid:JVNDB-2017-009986
Trust: 0.8
db:CNNVDid:CNNVD-201711-096
Trust: 0.7
db:CNVDid:CNVD-2017-32882
Trust: 0.6
db:SEEBUGid:SSVID-96829
Trust: 0.1
db:VULHUBid:VHN-102572
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-32882 // 
            
            
            
            VULHUB: VHN-102572 // 
            
            
            
            JVNDB: JVNDB-2017-009986 // 
            
            
            
            CNNVD: CNNVD-201711-096 // 
            
            
            
            NVD: CVE-2017-12085

REFERENCES
url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0437
Trust: 3.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12085
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12085
Trust: 0.8
url:https://talosintelligence.com/vulnerability_reports/talos-2017-0437
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-32882 // 
            
            
            
            VULHUB: VHN-102572 // 
            
            
            
            JVNDB: JVNDB-2017-009986 // 
            
            
            
            CNNVD: CNNVD-201711-096 // 
            
            
            
            NVD: CVE-2017-12085

CREDITS
Lilith Wyatt and Claudio Bozzato of Cisco Talos
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201711-096

SOURCES
db:CNVDid:CNVD-2017-32882
db:VULHUBid:VHN-102572
db:JVNDBid:JVNDB-2017-009986
db:CNNVDid:CNNVD-201711-096
db:NVDid:CVE-2017-12085

LAST UPDATE DATE
2025-04-20T23:23:34.094000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-32882date:2017-11-08T00:00:00
db:VULHUBid:VHN-102572date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-009986date:2017-11-30T00:00:00
db:CNNVDid:CNNVD-201711-096date:2022-04-20T00:00:00
db:NVDid:CVE-2017-12085date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-32882date:2017-11-07T00:00:00
db:VULHUBid:VHN-102572date:2017-11-07T00:00:00
db:JVNDBid:JVNDB-2017-009986date:2017-11-30T00:00:00
db:CNNVDid:CNNVD-201711-096date:2017-10-31T00:00:00
db:NVDid:CVE-2017-12085date:2017-11-07T16:29:00.293