ID

VAR-201711-0812


CVE

CVE-2017-2917


TITLE

Circle with Disney command injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-32879 // CNNVD: CNNVD-201711-102

DESCRIPTION

An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. An OS command injection vulnerability exists in the Circle with Disney firmware. Information may be obtained or altered, and service operation may be disrupted (DoS). Circle with Disney is a network monitoring and management device by Circle Media of the United States, used to monitor children's online behavior. A command injection vulnerability exists in the notification feature of the Circle with Disney 2.0.1 release.

Trust: 2.25

sources: NVD: CVE-2017-2917 // JVNDB: JVNDB-2017-009998 // CNVD: CNVD-2017-32879 // VULHUB: VHN-111120

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-32879

AFFECTED PRODUCTS

vendor: meetcircle, model: circle with disney, scope: eq, version: 2.0.1

Trust: 1.6

vendor: circle media, model: with disney, scope: eq, version: 2.0.1

Trust: 0.8

vendor: circle, model: media circle with disney, scope: eq, version: 2.0.1

Trust: 0.6

sources: CNVD: CNVD-2017-32879 // JVNDB: JVNDB-2017-009998 // CNNVD: CNNVD-201711-102 // NVD: CVE-2017-2917

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2917
value: HIGH

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2917
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-2917
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-32879
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201711-102
value: HIGH

Trust: 0.6

VULHUB: VHN-111120
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2917
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-32879
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-111120
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2917
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

talos-cna@cisco.com: CVE-2017-2917
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2017-2917
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-32879 // VULHUB: VHN-111120 // JVNDB: JVNDB-2017-009998 // CNNVD: CNNVD-201711-102 // NVD: CVE-2017-2917 // NVD: CVE-2017-2917

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-111120 // JVNDB: JVNDB-2017-009998 // NVD: CVE-2017-2917

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-102

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201711-102

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009998

PATCH

title: Top Page, url: https://meetcircle.com/circle/

Trust: 0.8

title: Circle with Disney command injection vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/105477

Trust: 0.6

title: Circle with Disney Fixes for command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76091

Trust: 0.6

sources: CNVD: CNVD-2017-32879 // JVNDB: JVNDB-2017-009998 // CNNVD: CNNVD-201711-102

EXTERNAL IDS

db: TALOS, id: TALOS-2017-0424

Trust: 3.1

db: NVD, id: CVE-2017-2917

Trust: 3.1

db: JVNDB, id: JVNDB-2017-009998

Trust: 0.8

db: CNNVD, id: CNNVD-201711-102

Trust: 0.7

db: CNVD, id: CNVD-2017-32879

Trust: 0.6

db: SEEBUG, id: SSVID-96836

Trust: 0.1

db: VULHUB, id: VHN-111120

Trust: 0.1

sources: CNVD: CNVD-2017-32879 // VULHUB: VHN-111120 // JVNDB: JVNDB-2017-009998 // CNNVD: CNNVD-201711-102 // NVD: CVE-2017-2917

REFERENCES

url:https://www.talosintelligence.com/vulnerability_reports/talos-2017-0424

Trust: 2.5

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2917

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-2917

Trust: 0.8

url:https://talosintelligence.com/vulnerability_reports/talos-2017-0424

Trust: 0.6

sources: CNVD: CNVD-2017-32879 // VULHUB: VHN-111120 // JVNDB: JVNDB-2017-009998 // CNNVD: CNNVD-201711-102 // NVD: CVE-2017-2917

CREDITS

Claudio Bozzato and Lilith Wyatt of Cisco Talos

Trust: 0.6

sources: CNNVD: CNNVD-201711-102

SOURCES

db: CNVD, id: CNVD-2017-32879
db: VULHUB, id: VHN-111120
db: JVNDB, id: JVNDB-2017-009998
db: CNNVD, id: CNNVD-201711-102
db: NVD, id: CVE-2017-2917

LAST UPDATE DATE

2025-04-20T23:19:43.565000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-32879, date: 2017-11-07T00:00:00
db: VULHUB, id: VHN-111120, date: 2017-11-28T00:00:00
db: JVNDB, id: JVNDB-2017-009998, date: 2017-11-30T00:00:00
db: CNNVD, id: CNNVD-201711-102, date: 2022-04-20T00:00:00
db: NVD, id: CVE-2017-2917, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-32879, date: 2017-11-07T00:00:00
db: VULHUB, id: VHN-111120, date: 2017-11-07T00:00:00
db: JVNDB, id: JVNDB-2017-009998, date: 2017-11-30T00:00:00
db: CNNVD, id: CNNVD-201711-102, date: 2017-10-31T00:00:00
db: NVD, id: CVE-2017-2917, date: 2017-11-07T16:29:01.170