Sign-up

ID

VAR-201803-1341


CVE

CVE-2017-17743


TITLE

UCOPIA Wireless Appliance Authentication vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2017-013008

DESCRIPTION

Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account. UCOPIA Wireless Appliance The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. UCOPIAWirelessAppliance is a wireless device from UCOPIA, France. A security vulnerability exists in the restricted management shells in versions prior to UCOPIAWirelessAppliance 4.4.20, 5.0.x prior to 5.0.19, and 5.1.x prior to 5.1.11. The vulnerability stems from a program failing to properly filter input

Trust: 2.25

sources: NVD: CVE-2017-17743 // JVNDB: JVNDB-2017-013008 // CNVD: CNVD-2018-08805 // VULMON: CVE-2017-17743

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-08805

AFFECTED PRODUCTS

vendor:ucopiamodel:wireless appliancescope:ltversion:5.0.19

Trust: 1.0

vendor:ucopiamodel:wireless appliancescope:gteversion:5.1

Trust: 1.0

vendor:ucopiamodel:wireless appliancescope:gteversion:5.0

Trust: 1.0

vendor:ucopiamodel:wireless appliancescope:ltversion:5.1.11

Trust: 1.0

vendor:ucopiamodel:wireless appliancescope:ltversion:4.4.20

Trust: 1.0

vendor:ucopiamodel:wireless appliancescope:eqversion:5.0.19

Trust: 0.8

vendor:ucopiamodel:wireless appliancescope:ltversion:5.1.x

Trust: 0.8

vendor:ucopiamodel:wireless appliancescope:eqversion:5.1.11

Trust: 0.8

vendor:ucopiamodel:wireless appliancescope:ltversion:5.0.x

Trust: 0.8

vendor:ucopiamodel:wireless appliance devicesscope:ltversion:4.4.20

Trust: 0.6

vendor:ucopiamodel:wireless appliance devicesscope:eqversion:5.0.*<5.0.19

Trust: 0.6

vendor:ucopiamodel:wireless appliance devicesscope:eqversion:5.1.*<5.1.11

Trust: 0.6

sources: CNVD: CNVD-2018-08805 // JVNDB: JVNDB-2017-013008 // NVD: CVE-2017-17743

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17743
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17743
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-08805
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201712-699
value: MEDIUM

Trust: 0.6

VULMON: CVE-2017-17743
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-17743
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-08805
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-17743
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-08805 // VULMON: CVE-2017-17743 // JVNDB: JVNDB-2017-013008 // CNNVD: CNNVD-201712-699 // NVD: CVE-2017-17743

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2017-013008 // NVD: CVE-2017-17743

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201712-699

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201712-699

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013008

PATCH
title:Top Pageurl:http://www.ucopia.com/en/
Trust: 0.8
title:UCOPIAWirelessAppliance privilege escalation vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/127973
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-08805 // 
            
            
            
            JVNDB: JVNDB-2017-013008

EXTERNAL IDS
db:NVDid:CVE-2017-17743
Trust: 3.1
db:JVNDBid:JVNDB-2017-013008
Trust: 0.8
db:CNVDid:CNVD-2018-08805
Trust: 0.6
db:CNNVDid:CNNVD-201712-699
Trust: 0.6
db:VULMONid:CVE-2017-17743
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-08805 // 
            
            
            
            VULMON: CVE-2017-17743 // 
            
            
            
            JVNDB: JVNDB-2017-013008 // 
            
            
            
            CNNVD: CNNVD-201712-699 // 
            
            
            
            NVD: CVE-2017-17743

REFERENCES
url:https://securite.intrinsec.com/2018/03/19/cve-2017-17743-ucopia-shell-escape/
Trust: 3.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17743
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17743
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/287.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-08805 // 
            
            
            
            VULMON: CVE-2017-17743 // 
            
            
            
            JVNDB: JVNDB-2017-013008 // 
            
            
            
            CNNVD: CNNVD-201712-699 // 
            
            
            
            NVD: CVE-2017-17743

SOURCES
db:CNVDid:CNVD-2018-08805
db:VULMONid:CVE-2017-17743
db:JVNDBid:JVNDB-2017-013008
db:CNNVDid:CNNVD-201712-699
db:NVDid:CVE-2017-17743

LAST UPDATE DATE
2024-11-23T22:55:59.376000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-08805date:2018-05-03T00:00:00
db:VULMONid:CVE-2017-17743date:2018-04-18T00:00:00
db:JVNDBid:JVNDB-2017-013008date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201712-699date:2018-03-23T00:00:00
db:NVDid:CVE-2017-17743date:2024-11-21T03:18:34.227

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-08805date:2018-05-03T00:00:00
db:VULMONid:CVE-2017-17743date:2018-03-22T00:00:00
db:JVNDBid:JVNDB-2017-013008date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201712-699date:2017-12-19T00:00:00
db:NVDid:CVE-2017-17743date:2018-03-22T05:29:00.237