ID

VAR-201712-0383


CVE

CVE-2017-16786


TITLE

Meinberg LANTIME Information disclosure vulnerability in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-011635

DESCRIPTION

The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality. The Meinberg LANTIME device firmware contains an information disclosure vulnerability. Information may be obtained. Meinberg LANTIME is an NTP time server from the German company Meinberg. Web Configuration Utility is one of the web configuration tools. A security vulnerability exists in the Web Configuration Utility on Meinberg LANTIME with firmware prior to 6.24.004. A remote attacker could exploit this vulnerability to read arbitrary files by sending the 'ntpclientcounterlogfile' parameter to cgi-bin/mainv2 or by other means.

Trust: 1.8

sources: NVD: CVE-2017-16786 // JVNDB: JVNDB-2017-011635 // VULHUB: VHN-107743 // VULMON: CVE-2017-16786

AFFECTED PRODUCTS

vendor: meinbergglobal, model: lantime, scope: lte, version: 6.24.003

Trust: 1.0

vendor: meinberg funkuhren, model: lantime, scope: lt, version: 6.24.004

Trust: 0.8

vendor: meinbergglobal, model: lantime, scope: eq, version: 6.24.003

Trust: 0.6

sources: JVNDB: JVNDB-2017-011635 // CNNVD: CNNVD-201711-355 // NVD: CVE-2017-16786

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-16786
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-16786
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-355
value: MEDIUM

Trust: 0.6

VULHUB: VHN-107743
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-16786
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-16786
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-107743
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-16786
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-107743 // VULMON: CVE-2017-16786 // JVNDB: JVNDB-2017-011635 // CNNVD: CNNVD-201711-355 // NVD: CVE-2017-16786

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-107743 // JVNDB: JVNDB-2017-011635 // NVD: CVE-2017-16786

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-355

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201711-355

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011635

PATCH

title: Top Page, url: https://www.meinbergglobal.com/

Trust: 0.8

sources: JVNDB: JVNDB-2017-011635

EXTERNAL IDS

db: PACKETSTORM, id: 145388

Trust: 2.6

db: NVD, id: CVE-2017-16786

Trust: 2.6

db: JVNDB, id: JVNDB-2017-011635

Trust: 0.8

db: CNNVD, id: CNNVD-201711-355

Trust: 0.7

db: VULHUB, id: VHN-107743

Trust: 0.1

db: VULMON, id: CVE-2017-16786

Trust: 0.1

sources: VULHUB: VHN-107743 // VULMON: CVE-2017-16786 // JVNDB: JVNDB-2017-011635 // CNNVD: CNNVD-201711-355 // NVD: CVE-2017-16786

REFERENCES

url: http://packetstormsecurity.com/files/145388/meinberg-lantime-web-configuration-utility-6.16.008-arbitrary-file-read.html

Trust: 2.6

url: http://seclists.org/fulldisclosure/2017/dec/50

Trust: 1.8

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16786

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-16786

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-107743 // VULMON: CVE-2017-16786 // JVNDB: JVNDB-2017-011635 // CNNVD: CNNVD-201711-355 // NVD: CVE-2017-16786

SOURCES

db: VULHUB, id: VHN-107743
db: VULMON, id: CVE-2017-16786
db: JVNDB, id: JVNDB-2017-011635
db: CNNVD, id: CNNVD-201711-355
db: NVD, id: CVE-2017-16786

LAST UPDATE DATE

2025-04-20T23:36:44.322000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-107743, date: 2018-01-08T00:00:00
db: VULMON, id: CVE-2017-16786, date: 2018-01-08T00:00:00
db: JVNDB, id: JVNDB-2017-011635, date: 2018-01-23T00:00:00
db: CNNVD, id: CNNVD-201711-355, date: 2017-12-20T00:00:00
db: NVD, id: CVE-2017-16786, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-107743, date: 2017-12-19T00:00:00
db: VULMON, id: CVE-2017-16786, date: 2017-12-19T00:00:00
db: JVNDB, id: JVNDB-2017-011635, date: 2018-01-23T00:00:00
db: CNNVD, id: CNNVD-201711-355, date: 2017-11-13T00:00:00
db: NVD, id: CVE-2017-16786, date: 2017-12-19T15:29:00.353