Sign-up

ID

VAR-201711-0144


CVE

CVE-2017-12096


TITLE

Circle with Disney Access Control Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-32881 // CNNVD: CNNVD-201711-099

DESCRIPTION

An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed "deauth" packets to trigger this vulnerability. CirclewithDisney is a network monitoring and management device used by CircleMedia of the United States to monitor children's online behavior. WiFimanagement is one of the WiFi management components

Trust: 2.25

sources: NVD: CVE-2017-12096 // JVNDB: JVNDB-2017-009988 // CNVD: CNVD-2017-32881 // VULHUB: VHN-102584

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-32881

AFFECTED PRODUCTS

vendor:meetcirclemodel:circle with disneyscope:eqversion:2.0.1

Trust: 1.6

vendor:circle mediamodel:with disneyscope: - version: -

Trust: 0.8

vendor:circlemodel:media circle with disneyscope:eqversion:2.0.1

Trust: 0.6

sources: CNVD: CNVD-2017-32881 // JVNDB: JVNDB-2017-009988 // CNNVD: CNNVD-201711-099 // NVD: CVE-2017-12096

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12096
value: MEDIUM

Trust: 1.0

talos-cna@cisco.com: CVE-2017-12096
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12096
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-32881
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201711-099
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102584
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12096
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-32881
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102584
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

talos-cna@cisco.com: CVE-2017-12096
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2017-12096
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2017-32881 // VULHUB: VHN-102584 // JVNDB: JVNDB-2017-009988 // CNNVD: CNNVD-201711-099 // NVD: CVE-2017-12096 // NVD: CVE-2017-12096

PROBLEMTYPE DATA

problemtype:CWE-290

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-102584 // JVNDB: JVNDB-2017-009988 // NVD: CVE-2017-12096

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201711-099

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201711-099

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009988

PATCH
title:Top Pageurl:https://meetcircle.com/circle/
Trust: 0.8
title:CirclewithDisney Access Control Error Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/105481
Trust: 0.6
title:Circle with Disney Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76090
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-32881 // 
            
            
            
            JVNDB: JVNDB-2017-009988 // 
            
            
            
            CNNVD: CNNVD-201711-099

EXTERNAL IDS
db:TALOSid:TALOS-2017-0448
Trust: 3.1
db:NVDid:CVE-2017-12096
Trust: 3.1
db:JVNDBid:JVNDB-2017-009988
Trust: 0.8
db:CNNVDid:CNNVD-201711-099
Trust: 0.7
db:CNVDid:CNVD-2017-32881
Trust: 0.6
db:SEEBUGid:SSVID-96830
Trust: 0.1
db:VULHUBid:VHN-102584
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-32881 // 
            
            
            
            VULHUB: VHN-102584 // 
            
            
            
            JVNDB: JVNDB-2017-009988 // 
            
            
            
            CNNVD: CNNVD-201711-099 // 
            
            
            
            NVD: CVE-2017-12096

REFERENCES
url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0448
Trust: 3.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12096
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12096
Trust: 0.8
url:https://talosintelligence.com/vulnerability_reports/talos-2017-0448
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-32881 // 
            
            
            
            VULHUB: VHN-102584 // 
            
            
            
            JVNDB: JVNDB-2017-009988 // 
            
            
            
            CNNVD: CNNVD-201711-099 // 
            
            
            
            NVD: CVE-2017-12096

CREDITS
Claudio Bozzato and Lilith Wyatt of Cisco Talos
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201711-099

SOURCES
db:CNVDid:CNVD-2017-32881
db:VULHUBid:VHN-102584
db:JVNDBid:JVNDB-2017-009988
db:CNNVDid:CNNVD-201711-099
db:NVDid:CVE-2017-12096

LAST UPDATE DATE
2025-04-20T23:22:09.396000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-32881date:2017-11-07T00:00:00
db:VULHUBid:VHN-102584date:2023-01-28T00:00:00
db:JVNDBid:JVNDB-2017-009988date:2017-11-30T00:00:00
db:CNNVDid:CNNVD-201711-099date:2022-04-20T00:00:00
db:NVDid:CVE-2017-12096date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-32881date:2017-11-07T00:00:00
db:VULHUBid:VHN-102584date:2017-11-07T00:00:00
db:JVNDBid:JVNDB-2017-009988date:2017-11-30T00:00:00
db:CNNVDid:CNNVD-201711-099date:2017-10-31T00:00:00
db:NVDid:CVE-2017-12096date:2017-11-07T16:29:00.357