Details of VAR-201807-0266

ID

VAR-201807-0266

CVE

CVE-2017-3217

TITLE

CalAmp LMU-3030 devices may not authenticate SMS interface

Trust: 0.8

sources: CERT/CC: VU#251927

DESCRIPTION

CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text message) interface that can be deployed where no password is configured for this interface by the integrator / reseller. This interface must be password protected, otherwise, the attacker only needs to know the phone number of the device (via an IMSI Catcher, for example) to send administrative commands to the device. These commands can be used to provide ongoing, real-time access to the device and can configure parameters such as IP addresses, firewall rules, and passwords. For discovered cases, password setting and SMS Correspondence such as invalidation of interface is performed. Lack of authentication for critical functions (CWE-306) - CVE-2017-3217 CalAmp LMU 3030 Series provides telematics information for vehicle management OBD-II One of the devices. can be set. SMS If no password is set for the interface, IMSI Catcher It may be attacked by a remote party who obtained the phone number of the device.Vehicle GPS Coordinates, car orientation, speed, and maintenance information may be accessed. Also, an old version of firmware is rewritten by a remote third party into firmware that contains malicious code, CAN An attack on the bus may be carried out. CalAmp LMU-3030 devices are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks. CalAmp LMU-3030 is a GPS tracking device produced by CalAmp in the United States. Authentication bypass vulnerabilities exist in the CalAmp LMU-3030 OBD-II version, CDMA version, and GSM version

Trust: 2.7

sources: NVD: CVE-2017-3217 // CERT/CC: VU#251927 // JVNDB: JVNDB-2017-003932 // BID: 98964 // VULHUB: VHN-111420

AFFECTED PRODUCTS

vendor:	calamp	model:	lmu 3030 cdma	scope:	eq	version:	-	Trust: 1.6
vendor:	calamp	model:	lmu 3030 gsm	scope:	eq	version:	-	Trust: 1.6
vendor:	calamp	model:	lmu 3030 obd-ii	scope:	eq	version:	-	Trust: 1.6
vendor:	at t	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	calamp	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	gps insight	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	calamp	model:	lmu-3030 series	scope:	-	version:	-	Trust: 0.8
vendor:	calamp	model:	lmu-3030	scope:	eq	version:	0	Trust: 0.3

sources: CERT/CC: VU#251927 // BID: 98964 // JVNDB: JVNDB-2017-003932 // CNNVD: CNNVD-201706-357 // NVD: CVE-2017-3217

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3217
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-3217
value:	HIGH
Trust: 0.8
IPA:	JVNDB-2017-003932
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201706-357
value:	HIGH
Trust: 0.6
VULHUB:	VHN-111420
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-3217
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2017-3217
severity:	HIGH
baseScore:	10.0
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
IPA:	JVNDB-2017-003932
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-111420
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3217
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.0
Trust: 1.0
IPA:	JVNDB-2017-003932
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CERT/CC: VU#251927 // VULHUB: VHN-111420 // JVNDB: JVNDB-2017-003932 // CNNVD: CNNVD-201706-357 // NVD: CVE-2017-3217

PROBLEMTYPE DATA

problemtype:

CWE-306

Trust: 1.9

sources: VULHUB: VHN-111420 // JVNDB: JVNDB-2017-003932 // NVD: CVE-2017-3217

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-357

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201706-357

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-003932

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#251927

PATCH

title:

CalAmp LMU-3030 Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71476

Trust: 0.6

sources: CNNVD: CNNVD-201706-357

EXTERNAL IDS

db:	CERT/CC	id:	VU#251927	Trust: 3.6
db:	NVD	id:	CVE-2017-3217	Trust: 2.8
db:	BID	id:	98964	Trust: 2.0
db:	JVN	id:	JVNVU91545522	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-003932	Trust: 0.8
db:	CNNVD	id:	CNNVD-201706-357	Trust: 0.7
db:	VULHUB	id:	VHN-111420	Trust: 0.1

sources: CERT/CC: VU#251927 // VULHUB: VHN-111420 // BID: 98964 // JVNDB: JVNDB-2017-003932 // CNNVD: CNNVD-201706-357 // NVD: CVE-2017-3217

REFERENCES

url:	https://www.kb.cert.org/vuls/id/251927	Trust: 2.8
url:	https://www.securityfocus.com/bid/98964	Trust: 1.7
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3217	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu91545522/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3217	Trust: 0.8
url:	http://www.calamp.com/	Trust: 0.3

sources: CERT/CC: VU#251927 // VULHUB: VHN-111420 // BID: 98964 // JVNDB: JVNDB-2017-003932 // CNNVD: CNNVD-201706-357 // NVD: CVE-2017-3217

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 98964

SOURCES

db:	CERT/CC	id:	VU#251927
db:	VULHUB	id:	VHN-111420
db:	BID	id:	98964
db:	JVNDB	id:	JVNDB-2017-003932
db:	CNNVD	id:	CNNVD-201706-357
db:	NVD	id:	CVE-2017-3217

LAST UPDATE DATE

2024-11-23T22:17:27.103000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#251927	date:	2017-06-14T00:00:00
db:	VULHUB	id:	VHN-111420	date:	2019-10-09T00:00:00
db:	BID	id:	98964	date:	2017-06-08T00:00:00
db:	JVNDB	id:	JVNDB-2017-003932	date:	2019-07-24T00:00:00
db:	CNNVD	id:	CNNVD-201706-357	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-3217	date:	2024-11-21T03:25:03.547

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#251927	date:	2017-06-08T00:00:00
db:	VULHUB	id:	VHN-111420	date:	2018-07-24T00:00:00
db:	BID	id:	98964	date:	2017-06-08T00:00:00
db:	JVNDB	id:	JVNDB-2017-003932	date:	2017-06-12T00:00:00
db:	CNNVD	id:	CNNVD-201706-357	date:	2017-06-08T00:00:00
db:	NVD	id:	CVE-2017-3217	date:	2018-07-24T15:29:00.797