Sign-up

ID

VAR-201711-0807


CVE

CVE-2017-2912


TITLE

Circle with Disney Firmware vulnerabilities in certificate validation due to host mismatch

Trust: 0.8

sources: JVNDB: JVNDB-2017-009991

DESCRIPTION

An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. CirclewithDisney is a network monitoring and management device used by CircleMedia of the United States to monitor children's online behavior

Trust: 2.34

sources: NVD: CVE-2017-2912 // JVNDB: JVNDB-2017-009991 // CNVD: CNVD-2017-33184 // VULHUB: VHN-111115 // VULMON: CVE-2017-2912

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33184

AFFECTED PRODUCTS

vendor:meetcirclemodel:circle with disneyscope:eqversion:2.0.1

Trust: 1.6

vendor:circle mediamodel:with disneyscope:eqversion:2.0.1

Trust: 0.8

vendor:circlemodel:media circle with disneyscope:eqversion:2.0.1

Trust: 0.6

sources: CNVD: CNVD-2017-33184 // JVNDB: JVNDB-2017-009991 // CNNVD: CNNVD-201711-107 // NVD: CVE-2017-2912

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2912
value: MEDIUM

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2912
value: HIGH

Trust: 1.0

NVD: CVE-2017-2912
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-33184
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-107
value: MEDIUM

Trust: 0.6

VULHUB: VHN-111115
value: LOW

Trust: 0.1

VULMON: CVE-2017-2912
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-2912
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-33184
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111115
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2912
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2912
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 5.2
version: 3.0

Trust: 1.0

NVD: CVE-2017-2912
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-33184 // VULHUB: VHN-111115 // VULMON: CVE-2017-2912 // JVNDB: JVNDB-2017-009991 // CNNVD: CNNVD-201711-107 // NVD: CVE-2017-2912 // NVD: CVE-2017-2912

PROBLEMTYPE DATA

problemtype:CWE-297

Trust: 1.9

sources: VULHUB: VHN-111115 // JVNDB: JVNDB-2017-009991 // NVD: CVE-2017-2912

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-107

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-107

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009991

PATCH
title:Top Pageurl:https://meetcircle.com/circle/
Trust: 0.8
title:Patch for CirclewithDisneySSLTLS Man-in-the-Middle Attack Vulnerability (CNVD-2017-33184)url:https://www.cnvd.org.cn/patchInfo/show/105669
Trust: 0.6
title:Circle with Disney Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=190061
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-33184 // 
            
            
            
            JVNDB: JVNDB-2017-009991 // 
            
            
            
            CNNVD: CNNVD-201711-107

EXTERNAL IDS
db:NVDid:CVE-2017-2912
Trust: 3.2
db:TALOSid:TALOS-2017-0419
Trust: 3.2
db:JVNDBid:JVNDB-2017-009991
Trust: 0.8
db:CNNVDid:CNNVD-201711-107
Trust: 0.7
db:CNVDid:CNVD-2017-33184
Trust: 0.6
db:SEEBUGid:SSVID-96826
Trust: 0.1
db:VULHUBid:VHN-111115
Trust: 0.1
db:VULMONid:CVE-2017-2912
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-33184 // 
            
            
            
            VULHUB: VHN-111115 // 
            
            
            
            VULMON: CVE-2017-2912 // 
            
            
            
            JVNDB: JVNDB-2017-009991 // 
            
            
            
            CNNVD: CNNVD-201711-107 // 
            
            
            
            NVD: CVE-2017-2912

REFERENCES
url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0419
Trust: 2.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2912
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2912
Trust: 0.8
url:https://talosintelligence.com/vulnerability_reports/talos-2017-0419
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/297.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-33184 // 
            
            
            
            VULHUB: VHN-111115 // 
            
            
            
            VULMON: CVE-2017-2912 // 
            
            
            
            JVNDB: JVNDB-2017-009991 // 
            
            
            
            CNNVD: CNNVD-201711-107 // 
            
            
            
            NVD: CVE-2017-2912

CREDITS
Lilith Wyatt and Claudio Bozzato of Cisco Talos
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201711-107

SOURCES
db:CNVDid:CNVD-2017-33184
db:VULHUBid:VHN-111115
db:VULMONid:CVE-2017-2912
db:JVNDBid:JVNDB-2017-009991
db:CNNVDid:CNNVD-201711-107
db:NVDid:CVE-2017-2912

LAST UPDATE DATE
2025-04-20T23:24:50.640000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-33184date:2017-11-08T00:00:00
db:VULHUBid:VHN-111115date:2017-11-28T00:00:00
db:VULMONid:CVE-2017-2912date:2017-11-28T00:00:00
db:JVNDBid:JVNDB-2017-009991date:2017-11-30T00:00:00
db:CNNVDid:CNNVD-201711-107date:2022-04-20T00:00:00
db:NVDid:CVE-2017-2912date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-33184date:2017-11-08T00:00:00
db:VULHUBid:VHN-111115date:2017-11-07T00:00:00
db:VULMONid:CVE-2017-2912date:2017-11-07T00:00:00
db:JVNDBid:JVNDB-2017-009991date:2017-11-30T00:00:00
db:CNNVDid:CNNVD-201711-107date:2017-10-31T00:00:00
db:NVDid:CVE-2017-2912date:2017-11-07T16:29:00.983