Sign-up

ID

VAR-201711-0806


CVE

CVE-2017-2911


TITLE

Circle with Disney Vulnerabilities related to certificate verification due to host mismatch

Trust: 0.8

sources: JVNDB: JVNDB-2017-009990

DESCRIPTION

An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. CirclewithDisney is a network monitoring and management device used by CircleMedia of the United States to monitor children's online behavior

Trust: 2.25

sources: NVD: CVE-2017-2911 // JVNDB: JVNDB-2017-009990 // CNVD: CNVD-2017-33181 // VULHUB: VHN-111114

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33181

AFFECTED PRODUCTS

vendor:meetcirclemodel:circle with disneyscope:eqversion:2.0.1

Trust: 1.6

vendor:circle mediamodel:with disneyscope:eqversion:2.0.1

Trust: 0.8

vendor:circlemodel:media circle with disneyscope:eqversion:2.0.1

Trust: 0.6

sources: CNVD: CNVD-2017-33181 // JVNDB: JVNDB-2017-009990 // CNNVD: CNNVD-201711-104 // NVD: CVE-2017-2911

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2911
value: MEDIUM

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2911
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-2911
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-33181
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-104
value: MEDIUM

Trust: 0.6

VULHUB: VHN-111114
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-2911
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-33181
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:H/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111114
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2911
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2911
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2017-2911
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-33181 // VULHUB: VHN-111114 // JVNDB: JVNDB-2017-009990 // CNNVD: CNNVD-201711-104 // NVD: CVE-2017-2911 // NVD: CVE-2017-2911

PROBLEMTYPE DATA

problemtype:CWE-297

Trust: 1.9

sources: VULHUB: VHN-111114 // JVNDB: JVNDB-2017-009990 // NVD: CVE-2017-2911

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-104

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-104

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009990

PATCH
title:Top Pageurl:https://meetcircle.com/circle/
Trust: 0.8
title:Patch for CirclewithDisneySSLTLD Man-in-the-Middle Attack Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/105671
Trust: 0.6
title:Circle with Disney Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190059
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-33181 // 
            
            
            
            JVNDB: JVNDB-2017-009990 // 
            
            
            
            CNNVD: CNNVD-201711-104

EXTERNAL IDS
db:TALOSid:TALOS-2017-0418
Trust: 3.1
db:NVDid:CVE-2017-2911
Trust: 3.1
db:JVNDBid:JVNDB-2017-009990
Trust: 0.8
db:CNNVDid:CNNVD-201711-104
Trust: 0.7
db:CNVDid:CNVD-2017-33181
Trust: 0.6
db:SEEBUGid:SSVID-96832
Trust: 0.1
db:VULHUBid:VHN-111114
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-33181 // 
            
            
            
            VULHUB: VHN-111114 // 
            
            
            
            JVNDB: JVNDB-2017-009990 // 
            
            
            
            CNNVD: CNNVD-201711-104 // 
            
            
            
            NVD: CVE-2017-2911

REFERENCES
url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0418
Trust: 2.5
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2911
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2911
Trust: 0.8
url:https://talosintelligence.com/vulnerability_reports/talos-2017-0418
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-33181 // 
            
            
            
            VULHUB: VHN-111114 // 
            
            
            
            JVNDB: JVNDB-2017-009990 // 
            
            
            
            CNNVD: CNNVD-201711-104 // 
            
            
            
            NVD: CVE-2017-2911

CREDITS
Lilith Wyatt and Claudio Bozzato of Cisco Talos
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201711-104

SOURCES
db:CNVDid:CNVD-2017-33181
db:VULHUBid:VHN-111114
db:JVNDBid:JVNDB-2017-009990
db:CNNVDid:CNNVD-201711-104
db:NVDid:CVE-2017-2911

LAST UPDATE DATE
2025-04-20T23:32:47.750000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-33181date:2017-11-08T00:00:00
db:VULHUBid:VHN-111114date:2017-11-28T00:00:00
db:JVNDBid:JVNDB-2017-009990date:2017-11-30T00:00:00
db:CNNVDid:CNNVD-201711-104date:2022-04-20T00:00:00
db:NVDid:CVE-2017-2911date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-33181date:2017-11-08T00:00:00
db:VULHUBid:VHN-111114date:2017-11-07T00:00:00
db:JVNDBid:JVNDB-2017-009990date:2017-11-30T00:00:00
db:CNNVDid:CNNVD-201711-104date:2017-10-31T00:00:00
db:NVDid:CVE-2017-2911date:2017-11-07T16:29:00.950