Details of VAR-201712-0526

ID

VAR-201712-0526

CVE

CVE-2017-17877

TITLE

Valve Steam Link Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2017-011840

DESCRIPTION

An issue was discovered in Valve Steam Link build 643. When the SSH daemon is enabled for local development, the device is publicly available via IPv6 TCP port 22 over the internet (with stateless address autoconfiguration) by default, which makes it easier for remote attackers to obtain access by guessing 24 bits of the MAC address and attempting a root login. This can be exploited in conjunction with CVE-2017-17878. This vulnerability CVE-2017-17878 And related issues.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ValveSteamLink is a Steam online gaming device from ValueSoftware, USA. There is a security hole in ValveSteamLink. A remote attacker can exploit the vulnerability to gain access by guessing the 24-bit MAC address and attempting to log in as root

Trust: 2.34

sources: NVD: CVE-2017-17877 // JVNDB: JVNDB-2017-011840 // CNVD: CNVD-2018-01483 // VULHUB: VHN-108943 // VULMON: CVE-2017-17877

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-01483

AFFECTED PRODUCTS

vendor:	valvesoftware	model:	steam link	scope:	lt	version:	644	Trust: 1.0
vendor:	valve	model:	steam link	scope:	eq	version:	build 643	Trust: 0.8
vendor:	value	model:	software steam link build	scope:	eq	version:	643	Trust: 0.6
vendor:	valvesoftware	model:	steam link	scope:	eq	version:	447	Trust: 0.6
vendor:	valvesoftware	model:	steam link	scope:	eq	version:	487	Trust: 0.6
vendor:	valvesoftware	model:	steam link	scope:	eq	version:	437	Trust: 0.6
vendor:	valvesoftware	model:	steam link	scope:	eq	version:	494	Trust: 0.6
vendor:	valvesoftware	model:	steam link	scope:	eq	version:	484	Trust: 0.6
vendor:	valvesoftware	model:	steam link	scope:	eq	version:	449	Trust: 0.6
vendor:	valvesoftware	model:	steam link	scope:	eq	version:	441	Trust: 0.6
vendor:	valvesoftware	model:	steam link	scope:	eq	version:	497	Trust: 0.6
vendor:	valvesoftware	model:	steam link	scope:	eq	version:	462	Trust: 0.6
vendor:	valvesoftware	model:	steam link	scope:	eq	version:	435	Trust: 0.6

sources: CNVD: CNVD-2018-01483 // JVNDB: JVNDB-2017-011840 // CNNVD: CNNVD-201712-1006 // NVD: CVE-2017-17877

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-17877
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-17877
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-01483
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201712-1006
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-108943
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-17877
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-17877
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-01483
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-108943
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-17877
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-01483 // VULHUB: VHN-108943 // VULMON: CVE-2017-17877 // JVNDB: JVNDB-2017-011840 // CNNVD: CNNVD-201712-1006 // NVD: CVE-2017-17877

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-255	Trust: 0.9

sources: VULHUB: VHN-108943 // JVNDB: JVNDB-2017-011840 // NVD: CVE-2017-17877

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-1006

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201712-1006

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011840

PATCH

title:	IPv6 Firewall Needed #119	url:	https://github.com/ValveSoftware/steamlink-sdk/issues/119	Trust: 0.8
title:	SSH Access	url:	https://github.com/ValveSoftware/steamlink-sdk#ssh-access	Trust: 0.8

sources: JVNDB: JVNDB-2017-011840

EXTERNAL IDS

db:	NVD	id:	CVE-2017-17877	Trust: 3.2
db:	JVNDB	id:	JVNDB-2017-011840	Trust: 0.8
db:	CNVD	id:	CNVD-2018-01483	Trust: 0.6
db:	CNNVD	id:	CNNVD-201712-1006	Trust: 0.6
db:	VULHUB	id:	VHN-108943	Trust: 0.1
db:	VULMON	id:	CVE-2017-17877	Trust: 0.1

sources: CNVD: CNVD-2018-01483 // VULHUB: VHN-108943 // VULMON: CVE-2017-17877 // JVNDB: JVNDB-2017-011840 // CNNVD: CNNVD-201712-1006 // NVD: CVE-2017-17877

REFERENCES

url:	https://blogger.davidmanouchehri.com/2017/12/steam-link-security-remotely-insecure.html	Trust: 2.4
url:	https://github.com/valvesoftware/steamlink-sdk#ssh-access	Trust: 1.8
url:	https://github.com/valvesoftware/steamlink-sdk/issues/119	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17877	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-17877	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2018-01483 // VULHUB: VHN-108943 // VULMON: CVE-2017-17877 // JVNDB: JVNDB-2017-011840 // CNNVD: CNNVD-201712-1006 // NVD: CVE-2017-17877

SOURCES

db:	CNVD	id:	CNVD-2018-01483
db:	VULHUB	id:	VHN-108943
db:	VULMON	id:	CVE-2017-17877
db:	JVNDB	id:	JVNDB-2017-011840
db:	CNNVD	id:	CNNVD-201712-1006
db:	NVD	id:	CVE-2017-17877

LAST UPDATE DATE

2025-04-20T23:24:46.191000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-01483	date:	2018-01-19T00:00:00
db:	VULHUB	id:	VHN-108943	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2017-17877	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-011840	date:	2018-01-29T00:00:00
db:	CNNVD	id:	CNNVD-201712-1006	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-17877	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-01483	date:	2018-01-19T00:00:00
db:	VULHUB	id:	VHN-108943	date:	2017-12-27T00:00:00
db:	VULMON	id:	CVE-2017-17877	date:	2017-12-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-011840	date:	2018-01-29T00:00:00
db:	CNNVD	id:	CNNVD-201712-1006	date:	2017-12-28T00:00:00
db:	NVD	id:	CVE-2017-17877	date:	2017-12-27T17:08:21.060