Sign-up

ID

VAR-201805-0090


CVE

CVE-2016-10650


TITLE

ntfserver Cryptographic vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-013531

DESCRIPTION

ntfserver is a Network Testing Framework Server. ntfserver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. ntfserver Contains a cryptographic vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ntfserver is a central server for collecting and displaying ntfd data

Trust: 2.16

sources: NVD: CVE-2016-10650 // JVNDB: JVNDB-2017-013531 // CNVD: CNVD-2018-15377

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-15377

AFFECTED PRODUCTS

vendor:shutterstockmodel:ntfserverscope:lteversion:0.0.18

Trust: 1.0

vendor:shutterstockmodel:ntfserverscope: - version: -

Trust: 0.8

vendor:ntfservermodel:nonescope: - version: -

Trust: 0.6

vendor:shutterstockmodel:ntfserverscope:eqversion:0.0.18

Trust: 0.6

sources: CNVD: CNVD-2018-15377 // JVNDB: JVNDB-2017-013531 // CNNVD: CNNVD-201805-949 // NVD: CVE-2016-10650

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-10650
value: HIGH

Trust: 1.0

NVD: CVE-2016-10650
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-15377
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201805-949
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2016-10650
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-15377
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2016-10650
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-15377 // JVNDB: JVNDB-2017-013531 // CNNVD: CNNVD-201805-949 // NVD: CVE-2016-10650

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.8

problemtype:CWE-311

Trust: 1.0

sources: JVNDB: JVNDB-2017-013531 // NVD: CVE-2016-10650

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-949

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201805-949

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013531

PATCH
title:Downloads Resources over HTTPurl:https://nodesecurity.io/advisories/253
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-013531

EXTERNAL IDS
db:NVDid:CVE-2016-10650
Trust: 3.0
db:JVNDBid:JVNDB-2017-013531
Trust: 0.8
db:CNVDid:CNVD-2018-15377
Trust: 0.6
db:CNNVDid:CNNVD-201805-949
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-15377 // 
            
            
            
            JVNDB: JVNDB-2017-013531 // 
            
            
            
            CNNVD: CNNVD-201805-949 // 
            
            
            
            NVD: CVE-2016-10650

REFERENCES
url:https://nodesecurity.io/advisories/253
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2016-10650
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10650
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-15377 // 
            
            
            
            JVNDB: JVNDB-2017-013531 // 
            
            
            
            CNNVD: CNNVD-201805-949 // 
            
            
            
            NVD: CVE-2016-10650

SOURCES
db:CNVDid:CNVD-2018-15377
db:JVNDBid:JVNDB-2017-013531
db:CNNVDid:CNNVD-201805-949
db:NVDid:CVE-2016-10650

LAST UPDATE DATE
2024-11-23T22:38:13.405000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-15377date:2018-08-15T00:00:00
db:JVNDBid:JVNDB-2017-013531date:2018-07-24T00:00:00
db:CNNVDid:CNNVD-201805-949date:2019-10-17T00:00:00
db:NVDid:CVE-2016-10650date:2024-11-21T02:44:26.653

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-15377date:2018-08-15T00:00:00
db:JVNDBid:JVNDB-2017-013531date:2018-07-24T00:00:00
db:CNNVDid:CNNVD-201805-949date:2018-05-30T00:00:00
db:NVDid:CVE-2016-10650date:2018-05-29T20:29:01.690