Details of VAR-201807-0265

ID

VAR-201807-0265

CVE

CVE-2017-3210

TITLE

Portrait Displays SDK applications are vulnerable to arbitrary code execution and privilege escalation

Trust: 0.8

sources: CERT/CC: VU#219739

DESCRIPTION

Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26. this SDK In multiple applications created using Authenticated Users It was reported that it can be changed with the authority of. Portrait Displays SDK is prone to a local privilege-escalation vulnerability. Portrait Display SDK 2.30 through 2.34 are vulnerable. Portrait Displays is a scalable platform supporting all display technologies and embedded control platforms for displays

Trust: 2.7

sources: NVD: CVE-2017-3210 // CERT/CC: VU#219739 // JVNDB: JVNDB-2017-002744 // BID: 98006 // VULHUB: VHN-111413

AFFECTED PRODUCTS

vendor:	fujitsu	model:	displayview click	scope:	eq	version:	6.01	Trust: 2.1
vendor:	fujitsu	model:	displayview click	scope:	eq	version:	6.0	Trust: 2.1
vendor:	philips	model:	smart control premium	scope:	eq	version:	2.25	Trust: 1.9
vendor:	philips	model:	smart control premium	scope:	eq	version:	2.23	Trust: 1.3
vendor:	hp	model:	my display	scope:	eq	version:	2.0	Trust: 1.3
vendor:	hp	model:	display assistant	scope:	eq	version:	2.1	Trust: 1.3
vendor:	portrait	model:	display sdk	scope:	lt	version:	2.34	Trust: 1.0
vendor:	portrait	model:	display sdk	scope:	gte	version:	2.30	Trust: 1.0
vendor:	fujitsu	model:	displayview click suite	scope:	eq	version:	5.0	Trust: 1.0
vendor:	portrait displays	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	koninklijke philips n v	model:	smart control premium	scope:	eq	version:	2.23	Trust: 0.8
vendor:	koninklijke philips n v	model:	smart control premium	scope:	eq	version:	2.25	Trust: 0.8
vendor:	portrait displays	model:	sdk	scope:	eq	version:	2.30 to 2.34	Trust: 0.8
vendor:	hewlett packard	model:	hp display assistant	scope:	eq	version:	2.1	Trust: 0.8
vendor:	hewlett packard	model:	hp my display	scope:	eq	version:	2.0	Trust: 0.8
vendor:	fujitsu	model:	displayview click	scope:	eq	version:	suite 5	Trust: 0.8
vendor:	portrait	model:	displays sdk	scope:	eq	version:	2.34	Trust: 0.3
vendor:	portrait	model:	displays sdk	scope:	eq	version:	2.30	Trust: 0.3
vendor:	fujitsu	model:	displayview click suite	scope:	eq	version:	5	Trust: 0.3
vendor:	philips	model:	smart control premium	scope:	ne	version:	2.26	Trust: 0.3
vendor:	hp	model:	my display	scope:	ne	version:	2.1	Trust: 0.3
vendor:	hp	model:	display assistant	scope:	ne	version:	2.11	Trust: 0.3
vendor:	fujitsu	model:	displayview click suite	scope:	ne	version:	5.9	Trust: 0.3
vendor:	fujitsu	model:	displayview click	scope:	ne	version:	6.3	Trust: 0.3

sources: CERT/CC: VU#219739 // BID: 98006 // JVNDB: JVNDB-2017-002744 // CNNVD: CNNVD-201704-1417 // NVD: CVE-2017-3210

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3210
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-3210
value:	MEDIUM
Trust: 0.8
IPA:	JVNDB-2017-002744
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201704-1417
value:	HIGH
Trust: 0.6
VULHUB:	VHN-111413
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-3210
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2017-3210
severity:	MEDIUM
baseScore:	6.8
vectorString:	NONE
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
IPA:	JVNDB-2017-002744
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-111413
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3210
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.0
IPA:	JVNDB-2017-002744
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CERT/CC: VU#219739 // VULHUB: VHN-111413 // JVNDB: JVNDB-2017-002744 // CNNVD: CNNVD-201704-1417 // NVD: CVE-2017-3210

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.8
problemtype:	CWE-16	Trust: 1.1

sources: VULHUB: VHN-111413 // JVNDB: JVNDB-2017-002744 // NVD: CVE-2017-3210

THREAT TYPE

local

Trust: 0.9

sources: BID: 98006 // CNNVD: CNNVD-201704-1417

TYPE

Configuration Error

Trust: 0.9

sources: BID: 98006 // CNNVD: CNNVD-201704-1417

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002744

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-111413

PATCH

title:	富士通株式会社の告知ページ	url:	http://support.ts.fujitsu.com/content/QuicksearchResult.asp?lng=COM&q=displayView+Click	Trust: 0.8
title:	Security Update!	url:	http://www.portrait.com/securityupdate.html	Trust: 0.8
title:	Portrait Displays SDK Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69668	Trust: 0.6

sources: JVNDB: JVNDB-2017-002744 // CNNVD: CNNVD-201704-1417

EXTERNAL IDS

db:	CERT/CC	id:	VU#219739	Trust: 3.6
db:	NVD	id:	CVE-2017-3210	Trust: 2.8
db:	BID	id:	98006	Trust: 2.0
db:	JVN	id:	JVNVU96080594	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-002744	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-1417	Trust: 0.7
db:	TENABLE	id:	TNS-2017-10	Trust: 0.3
db:	PACKETSTORM	id:	142312	Trust: 0.1
db:	VULHUB	id:	VHN-111413	Trust: 0.1

sources: CERT/CC: VU#219739 // VULHUB: VHN-111413 // BID: 98006 // JVNDB: JVNDB-2017-002744 // CNNVD: CNNVD-201704-1417 // NVD: CVE-2017-3210

REFERENCES

url:	https://www.kb.cert.org/vuls/id/219739	Trust: 2.8
url:	https://www.securityfocus.com/bid/98006	Trust: 1.7
url:	http://www.portrait.com/securityupdate.html	Trust: 1.1
url:	https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170425-0_portrait_displays_sdk_privilege_escalation_v10.txt	Trust: 1.1
url:	https://www.sec-consult.com/en/vulnerability-lab/advisories.htm	Trust: 0.8
url:	http://blog.sec-consult.com/	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3210	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu96080594/index.html	Trust: 0.8
url:	http://blog.sec-consult.com/2017/04/what-unites-hp-philips-and-fujitsu-one.html	Trust: 0.8
url:	http://www.tenable.com/products/nessus	Trust: 0.3
url:	https://www.tenable.com/security/tns-2017-10	Trust: 0.3

sources: CERT/CC: VU#219739 // VULHUB: VHN-111413 // BID: 98006 // JVNDB: JVNDB-2017-002744 // CNNVD: CNNVD-201704-1417 // NVD: CVE-2017-3210

CREDITS

Werner Schober of SEC Consult

Trust: 0.9

sources: BID: 98006 // CNNVD: CNNVD-201704-1417

SOURCES

db:	CERT/CC	id:	VU#219739
db:	VULHUB	id:	VHN-111413
db:	BID	id:	98006
db:	JVNDB	id:	JVNDB-2017-002744
db:	CNNVD	id:	CNNVD-201704-1417
db:	NVD	id:	CVE-2017-3210

LAST UPDATE DATE

2024-11-23T22:07:27.171000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#219739	date:	2017-04-25T00:00:00
db:	VULHUB	id:	VHN-111413	date:	2019-10-09T00:00:00
db:	BID	id:	98006	date:	2017-05-02T03:09:00
db:	JVNDB	id:	JVNDB-2017-002744	date:	2017-05-09T00:00:00
db:	CNNVD	id:	CNNVD-201704-1417	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-3210	date:	2024-11-21T03:25:02.553

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#219739	date:	2017-04-25T00:00:00
db:	VULHUB	id:	VHN-111413	date:	2018-07-24T00:00:00
db:	BID	id:	98006	date:	2017-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2017-002744	date:	2017-04-27T00:00:00
db:	CNNVD	id:	CNNVD-201704-1417	date:	2017-04-26T00:00:00
db:	NVD	id:	CVE-2017-3210	date:	2018-07-24T15:29:00.733