ID

VAR-201907-1126


CVE

CVE-2017-6900


TITLE

Certificate and password management vulnerability in riello-ups NetMan 204 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-015256

DESCRIPTION

An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and the wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. In addition, VAL0 and VAL1 should be sanitised to ensure they do not contain malicious characters. Passing it a username of '-' will cause it to time out and, because of poor error handling, log the user in. This logs the attacker in as an administrator, from where the telnet / ssh services can be enabled and the credentials for local users can be reset. Also, login.cgi accepts the username as a GET parameter, so login can be achieved by browsing to the /cgi-bin/login.cgi?username=-%20a URI. The firmware of the riello-ups NetMan 204 contains a vulnerability related to certificate and password management. Information may be obtained or tampered with, and service operation may be interrupted (DoS). RIELLO UPS NetMan is a network adapter produced by the Italian company RIELLO UPS. A security vulnerability exists in Riello NetMan 204 versions 14-2 and 15-2.

Trust: 1.71

sources: NVD: CVE-2017-6900 // JVNDB: JVNDB-2017-015256 // VULHUB: VHN-115103

AFFECTED PRODUCTS

vendor: riello ups, model: netman 204, scope: eq, version: 14-2

Trust: 1.0

vendor: riello ups, model: netman 204, scope: eq, version: 15-2

Trust: 1.0

vendor: riello ups, model: netman 204, scope: eq, version: -

Trust: 0.8

vendor: riello ups, model: netman 204, scope: -, version: -

Trust: 0.8

vendor: riello ups, model: netman 204, scope: eq, version: netman 204 firmware 15-2

Trust: 0.8

vendor: riello ups, model: netman 204, scope: eq, version: netman 204 firmware 14-2

Trust: 0.8

sources: JVNDB: JVNDB-2017-015256 // NVD: CVE-2017-6900

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6900
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-6900
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201703-553
value: CRITICAL

Trust: 0.6

VULHUB: VHN-115103
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-6900
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-115103
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6900
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-115103 // JVNDB: JVNDB-2017-015256 // CNNVD: CNNVD-201703-553 // NVD: CVE-2017-6900

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.1

problemtype:Certificate/password management (CWE-255) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-115103 // JVNDB: JVNDB-2017-015256 // NVD: CVE-2017-6900

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-553

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201703-553

EXTERNAL IDS

db: NVD, id: CVE-2017-6900

Trust: 3.3

db: JVNDB, id: JVNDB-2017-015256

Trust: 0.8

db: CNNVD, id: CNNVD-201703-553

Trust: 0.7

db: VULHUB, id: VHN-115103

Trust: 0.1

sources: VULHUB: VHN-115103 // JVNDB: JVNDB-2017-015256 // CNNVD: CNNVD-201703-553 // NVD: CVE-2017-6900

REFERENCES

url:https://web.archive.org/web/20170205100702/https://blog.synack.co.uk/2017/01/31/my-first-exploit-db-post/

Trust: 1.9

url:https://blog.synack.co.uk/2017/01/31/my-first-exploit-db-post/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2017-6900

Trust: 1.4

url:https://web.archive.org/web/20170205100702/

Trust: 0.6

sources: VULHUB: VHN-115103 // JVNDB: JVNDB-2017-015256 // CNNVD: CNNVD-201703-553 // NVD: CVE-2017-6900

SOURCES

db: VULHUB, id: VHN-115103
db: JVNDB, id: JVNDB-2017-015256
db: CNNVD, id: CNNVD-201703-553
db: NVD, id: CVE-2017-6900

LAST UPDATE DATE

2024-11-23T22:58:37.889000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-115103, date: 2019-07-15T00:00:00
db: JVNDB, id: JVNDB-2017-015256, date: 2024-07-24T06:39:00
db: CNNVD, id: CNNVD-201703-553, date: 2019-07-16T00:00:00
db: NVD, id: CVE-2017-6900, date: 2024-11-21T03:30:45.130

SOURCES RELEASE DATE

db: VULHUB, id: VHN-115103, date: 2019-07-03T00:00:00
db: JVNDB, id: JVNDB-2017-015256, date: 2024-07-24T00:00:00
db: CNNVD, id: CNNVD-201703-553, date: 2017-03-15T00:00:00
db: NVD, id: CVE-2017-6900, date: 2019-07-03T17:15:09.517