Sign-up

ID

VAR-201803-1109


CVE

CVE-2017-18227


TITLE

TitanHQ WebTitan Gateway Vulnerabilities related to certificate validation

Trust: 0.8

sources: JVNDB: JVNDB-2017-012967

DESCRIPTION

TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature. TitanHQ WebTitan Gateway is a scalable web filtering device. The appliance is used to filter malware, ransomware botnets, malicious websites, and more. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Trust: 1.71

sources: NVD: CVE-2017-18227 // JVNDB: JVNDB-2017-012967 // VULHUB: VHN-109328

AFFECTED PRODUCTS

vendor:titanhqmodel:webtitan gatewayscope:eqversion: -

Trust: 1.6

vendor:titanhqmodel:webtitan gatewayscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2017-012967 // CNNVD: CNNVD-201803-356 // NVD: CVE-2017-18227

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18227
value: HIGH

Trust: 1.0

NVD: CVE-2017-18227
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201803-356
value: MEDIUM

Trust: 0.6

VULHUB: VHN-109328
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-18227
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-109328
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18227
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109328 // JVNDB: JVNDB-2017-012967 // CNNVD: CNNVD-201803-356 // NVD: CVE-2017-18227

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.9

sources: VULHUB: VHN-109328 // JVNDB: JVNDB-2017-012967 // NVD: CVE-2017-18227

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-356

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201803-356

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012967

PATCH
title:WebTitan Gatewayurl:https://www.titanhq.com/webtitan/webtitangateway
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-012967

EXTERNAL IDS
db:NVDid:CVE-2017-18227
Trust: 2.5
db:JVNDBid:JVNDB-2017-012967
Trust: 0.8
db:CNNVDid:CNNVD-201803-356
Trust: 0.6
db:VULHUBid:VHN-109328
Trust: 0.1
sources:
            
            
            VULHUB: VHN-109328 // 
            
            
            
            JVNDB: JVNDB-2017-012967 // 
            
            
            
            CNNVD: CNNVD-201803-356 // 
            
            
            
            NVD: CVE-2017-18227

REFERENCES
url:https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/security-impact-https-interception/
Trust: 1.9
url:http://dx.doi.org/10.14722/ndss.2017.23456
Trust: 1.7
url:https://jhalderm.com/pub/papers/interception-ndss17.pdf
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18227
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-18227
Trust: 0.8
url:https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/security-impact- link :https-interception/
Trust: 0.6
sources:
            
            
            VULHUB: VHN-109328 // 
            
            
            
            JVNDB: JVNDB-2017-012967 // 
            
            
            
            CNNVD: CNNVD-201803-356 // 
            
            
            
            NVD: CVE-2017-18227

SOURCES
db:VULHUBid:VHN-109328
db:JVNDBid:JVNDB-2017-012967
db:CNNVDid:CNNVD-201803-356
db:NVDid:CVE-2017-18227

LAST UPDATE DATE
2024-11-23T22:17:38.053000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-109328date:2018-04-12T00:00:00
db:JVNDBid:JVNDB-2017-012967date:2018-05-11T00:00:00
db:CNNVDid:CNNVD-201803-356date:2018-03-14T00:00:00
db:NVDid:CVE-2017-18227date:2024-11-21T03:19:37.243

SOURCES RELEASE DATE
db:VULHUBid:VHN-109328date:2018-03-12T00:00:00
db:JVNDBid:JVNDB-2017-012967date:2018-05-11T00:00:00
db:CNNVDid:CNNVD-201803-356date:2018-03-14T00:00:00
db:NVDid:CVE-2017-18227date:2018-03-12T04:29:00.307