From 87bb71ba0904d75c1e5c561b8472b56076a147f4 Mon Sep 17 00:00:00 2001 
From: Joshua Smith
Date: Fri, 12 Jan 2018 18:52:02 -0600
Subject: [PATCH 1/2] ZDI assigns the following CVEs:
M 2017/16xxx/CVE-2017-16590.json
M 2017/16xxx/CVE-2017-16591.json
M 2017/16xxx/CVE-2017-16592.json
M 2017/16xxx/CVE-2017-16593.json
M 2017/16xxx/CVE-2017-16594.json
M 2017/16xxx/CVE-2017-16595.json
M 2017/16xxx/CVE-2017-16596.json
M 2017/16xxx/CVE-2017-16597.json
M 2017/16xxx/CVE-2017-16598.json
M 2017/16xxx/CVE-2017-16599.json
M 2017/16xxx/CVE-2017-16600.json
M 2017/16xxx/CVE-2017-16601.json
M 2017/16xxx/CVE-2017-16602.json
M 2017/16xxx/CVE-2017-16603.json
M 2017/16xxx/CVE-2017-16604.json
M 2017/16xxx/CVE-2017-16605.json
M 2017/16xxx/CVE-2017-16606.json
M 2017/16xxx/CVE-2017-16607.json
M 2017/16xxx/CVE-2017-16608.json
M 2017/16xxx/CVE-2017-16609.json
M 2017/16xxx/CVE-2017-16610.json
M 2017/17xxx/CVE-2017-17406.json
M 2017/17xxx/CVE-2017-17407.json
---
 2017/16xxx/CVE-2017-16590.json | 48 +++++++++++++++++++++++++++++++---
 2017/16xxx/CVE-2017-16591.json | 48 +++++++++++++++++++++++++++++++---
 2017/16xxx/CVE-2017-16592.json | 48 +++++++++++++++++++++++++++++++---
 2017/16xxx/CVE-2017-16593.json | 48 +++++++++++++++++++++++++++++++---
 2017/16xxx/CVE-2017-16594.json | 48 +++++++++++++++++++++++++++++++---
 2017/16xxx/CVE-2017-16595.json | 48 +++++++++++++++++++++++++++++++---
 2017/16xxx/CVE-2017-16596.json | 48 +++++++++++++++++++++++++++++++---
 2017/16xxx/CVE-2017-16597.json | 48 +++++++++++++++++++++++++++++++---
 2017/16xxx/CVE-2017-16598.json | 48 +++++++++++++++++++++++++++++++---
 2017/16xxx/CVE-2017-16599.json | 48 +++++++++++++++++++++++++++++++---
 2017/16xxx/CVE-2017-16600.json | 48 +++++++++++++++++++++++++++++++---
 2017/16xxx/CVE-2017-16601.json | 48 +++++++++++++++++++++++++++++++---
 2017/16xxx/CVE-2017-16602.json | 48 +++++++++++++++++++++++++++++++---
 2017/16xxx/CVE-2017-16603.json | 48 +++++++++++++++++++++++++++++++---
 2017/16xxx/CVE-2017-16604.json | 48 +++++++++++++++++++++++++++++++---
 2017/16xxx/CVE-2017-16605.json | 48
+++++++++++++++++++++++++++++++---
 2017/16xxx/CVE-2017-16606.json | 48 +++++++++++++++++++++++++++++++---
 2017/16xxx/CVE-2017-16607.json | 48 +++++++++++++++++++++++++++++++---
 2017/16xxx/CVE-2017-16608.json | 48 +++++++++++++++++++++++++++++++---
 2017/16xxx/CVE-2017-16609.json | 48 +++++++++++++++++++++++++++++++---
 2017/16xxx/CVE-2017-16610.json | 48 +++++++++++++++++++++++++++++++---
 2017/17xxx/CVE-2017-17406.json | 48 +++++++++++++++++++++++++++++++---
 2017/17xxx/CVE-2017-17407.json | 48 +++++++++++++++++++++++++++++++---
 23 files changed, 1035 insertions(+), 69 deletions(-)
diff --git a/2017/16xxx/CVE-2017-16590.json b/2017/16xxx/CVE-2017-16590.json
index be42faecedb..0d35a9f60e7 100644
--- a/2017/16xxx/CVE-2017-16590.json
+++ b/2017/16xxx/CVE-2017-16590.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2017-16590",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "NetGain Systems Enterprise Manager",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "7.2.699 build 1001"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "NetGain Systems"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
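Review bot: The added `version_data` entry pins one exact build, `"version_value" : "7.2.699 build 1001"`, with nothing saying whether earlier or later builds are affected; the first hunk of every other file in this patch does the same (with `7.2.730 build 1034` from CVE-2017-16592 on). A scanner that matches on `version_value` will report any other build as not affected. If the advisory only confirms the tested build, say so in the description, and if the schema version in use accepts it add `"version_affected" : "="` next to the value so the exact-match meaning is explicit.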
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. User interaction is required to exploit this vulnerability. The specific flaw exists within the MainFilter servlet. The issue results from the lack of proper string matching inside the doFilter method. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of Administrator. Was ZDI-CAN-5099."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-289-Authentication Bypass by Alternate Name"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-17-955"
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16591.json b/2017/16xxx/CVE-2017-16591.json
index c1bf64474a2..cbc69a7fd33 100644
--- a/2017/16xxx/CVE-2017-16591.json
+++ b/2017/16xxx/CVE-2017-16591.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2017-16591",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "NetGain Systems Enterprise Manager",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "7.2.699 build 1001"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "NetGain Systems"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
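Review bot: The new CVE-2017-16590 description says `User interaction is required to exploit this vulnerability`, which sits oddly with a remote authentication bypass in the `doFilter` method of a servlet filter; none of the sibling records that rely on this bypass mention user interaction. It reads like a sentence carried over from an advisory template, so please check it against ZDI-17-955, since that sentence drives how the record is scored and prioritised. The text also omits the listener detail the sibling records give (`which listens on TCP port 8081 by default`); if the filter is served on the same port, adding it lets a defender scope exposure from this record alone.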
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.download_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5100."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-17-956"
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16592.json b/2017/16xxx/CVE-2017-16592.json
index 67a505e9daf..f9761f0cf5f 100644
--- a/2017/16xxx/CVE-2017-16592.json
+++ b/2017/16xxx/CVE-2017-16592.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2017-16592",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "NetGain Systems Enterprise Manager",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "7.2.730 build 1034"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "NetGain Systems"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.download_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5103."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-17-957"
 }
 ]
 }
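Review bot: The description added in the second hunk is word-for-word the one added for CVE-2017-16591 except for the build (`7.2.730 build 1034` instead of `7.2.699 build 1001`) and the ZDI-CAN number, so a reader cannot tell whether this is the same `download_005fdo_jsp` flaw surviving into a later build or a distinct issue. That matters for patch tracking: someone who upgraded past the build named in CVE-2017-16591 could assume they are covered. If ZDI-17-957 says how the two relate, one clause in the description stating it would remove the ambiguity.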
diff --git a/2017/16xxx/CVE-2017-16593.json b/2017/16xxx/CVE-2017-16593.json
index 06d249fac37..31caeb03dc3 100644
--- a/2017/16xxx/CVE-2017-16593.json
+++ b/2017/16xxx/CVE-2017-16593.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2017-16593",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "NetGain Systems Enterprise Manager",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "7.2.730 build 1034"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "NetGain Systems"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.del_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filenames parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete any files accessible to the Administrator user. Was ZDI-CAN-5104."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-17-958"
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16594.json b/2017/16xxx/CVE-2017-16594.json
index 64d84a36f28..b1fbfb1605d 100644
--- a/2017/16xxx/CVE-2017-16594.json
+++ b/2017/16xxx/CVE-2017-16594.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2017-16594",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "NetGain Systems Enterprise Manager",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "7.2.730 build 1034"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "NetGain Systems"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.db.save_005fimage_jsp servlet, which listens on TCP port 8081 by default. When parsing the id parameter, the process does not properly validate user-supplied data, which can allow for the upload of files. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5117."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-434-Unrestricted Upload of File with Dangerous Type"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-17-959"
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16595.json b/2017/16xxx/CVE-2017-16595.json
index e29deb18bf1..5c936b03391 100644
--- a/2017/16xxx/CVE-2017-16595.json
+++ b/2017/16xxx/CVE-2017-16595.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2017-16595",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "NetGain Systems Enterprise Manager",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "7.2.730 build 1034"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "NetGain Systems"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.export_005fdownload_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5118."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-17-960"
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16596.json b/2017/16xxx/CVE-2017-16596.json
index d84b753643d..7c1f751ee3d 100644
--- a/2017/16xxx/CVE-2017-16596.json
+++ b/2017/16xxx/CVE-2017-16596.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2017-16596",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "NetGain Systems Enterprise Manager",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "7.2.730 build 1034"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "NetGain Systems"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.designer.script_005fsamples_jsp servlet, which listens on TCP port 8081 by default. When parsing the type parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5119."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-17-961"
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16597.json b/2017/16xxx/CVE-2017-16597.json
index d14ed4b3abf..4f999d13780 100644
--- a/2017/16xxx/CVE-2017-16597.json
+++ b/2017/16xxx/CVE-2017-16597.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2017-16597",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "NetGain Systems Enterprise Manager",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "7.2.730 build 1034"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "NetGain Systems"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of WRQ requests. When parsing the Filename field, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5137."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-17-962"
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16598.json b/2017/16xxx/CVE-2017-16598.json
index 1e3f7be51c9..750ee090f00 100644
--- a/2017/16xxx/CVE-2017-16598.json
+++ b/2017/16xxx/CVE-2017-16598.json
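Review bot: The CVE-2017-16597 description is the only one in this patch marked `Authentication is not required`, yet it names neither the service nor the port: `the processing of WRQ requests` leaves the reader to infer the protocol (WRQ is presumably the TFTP write request), while the sibling records all say `which listens on TCP port 8081 by default`. Without that detail nobody can derive a filtering rule or an exposure check from this text. If ZDI-17-962 names the listener, extend the sentence along the lines of `within the processing of WRQ requests by the <service>, which listens on <protocol/port> by default`, with both placeholders filled from the advisory.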
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2017-16598",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "NetGain Systems Enterprise Manager",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "7.2.730 build 1034"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "NetGain Systems"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute code by overwriting arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.tools.snmpwalk.snmpwalk_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the ip parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5138."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-17-963"
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16599.json b/2017/16xxx/CVE-2017-16599.json
index 54c7a8ad616..6d4b0377793 100644
--- a/2017/16xxx/CVE-2017-16599.json
+++ b/2017/16xxx/CVE-2017-16599.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2017-16599",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "NetGain Systems Enterprise Manager",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "7.2.730 build 1034"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "NetGain Systems"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.misc.sample_jsp servlet, which listens on TCP port 8081 by default. When parsing the type parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5190."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-17-964"
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16600.json b/2017/16xxx/CVE-2017-16600.json
index 51887d39a6d..aab953eebb4 100644
--- a/2017/16xxx/CVE-2017-16600.json
+++ b/2017/16xxx/CVE-2017-16600.json
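Review bot: The CVE-2017-16599 description opens with `delete arbitrary files` but closes with `An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator`, which is the closing sentence the information-disclosure records in this patch use. CVE-2017-16593, the other file-deletion record, instead ends with `An attacker can leverage this vulnerability to delete any files accessible to the Administrator user.` One of the two halves looks copied over from another entry; check it against ZDI-17-964 and make the opening and closing impact agree, because the stated impact is what triage is based on.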
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2017-16600",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "NetGain Systems Enterprise Manager",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "7.2.730 build 1034"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "NetGain Systems"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to overwrite files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.network.traffic_005freport_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5191."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-17-965"
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16601.json b/2017/16xxx/CVE-2017-16601.json
index eb7fe353032..1dafc85c060 100644
--- a/2017/16xxx/CVE-2017-16601.json
+++ b/2017/16xxx/CVE-2017-16601.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2017-16601",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "NetGain Systems Enterprise Manager",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "7.2.730 build 1034"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "NetGain Systems"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.reports.templates.service.service_005ffailures_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5192."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-17-966"
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16602.json b/2017/16xxx/CVE-2017-16602.json
index 8951547eab8..fad73a5a2bf 100644
--- a/2017/16xxx/CVE-2017-16602.json
+++ b/2017/16xxx/CVE-2017-16602.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2017-16602",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "NetGain Systems Enterprise Manager",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "7.2.730 build 1034"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "NetGain Systems"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.tools.exec_jsp servlet, which listens on TCP port 8081 by default. When parsing the command parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5193."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-78-Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-17-967"
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16603.json b/2017/16xxx/CVE-2017-16603.json
index 2b3b6ed2397..f2e46bcd7ac 100644
--- a/2017/16xxx/CVE-2017-16603.json
+++ b/2017/16xxx/CVE-2017-16603.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2017-16603",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "NetGain Systems Enterprise Manager",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "7.2.730 build 1034"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "NetGain Systems"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.settings.upload_005ffile_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate user-supplied data, which can allow for the upload of files. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5194."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://zerodayinitiative.com/advisories/ZDI-17-968"
 }
 ]
 }
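Review bot: The `problemtype` value added in the second hunk is `CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')`, but the description gives the cause as `does not properly validate user-supplied data, which can allow for the upload of files`, the same wording CVE-2017-16594 uses with `CWE-434-Unrestricted Upload of File with Dangerous Type`. Two records with the same stated root cause and different CWEs will be split apart by anyone filtering or counting by weakness class. Confirm against ZDI-17-968 which classification applies; if both do, add a second entry to the `description` array rather than picking one.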
diff --git a/2017/16xxx/CVE-2017-16604.json b/2017/16xxx/CVE-2017-16604.json
index 850747546f4..01a0e8a3a0f 100644
--- a/2017/16xxx/CVE-2017-16604.json
+++ b/2017/16xxx/CVE-2017-16604.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "zdi-disclosures@trendmicro.com",
 "ID" : "CVE-2017-16604",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "NetGain Systems Enterprise Manager",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "7.2.730 build 1034"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "NetGain Systems"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.cnnic.asset.deviceReport.deviceReport_005fexport_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5195." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-17-969" } ] } diff --git a/2017/16xxx/CVE-2017-16605.json b/2017/16xxx/CVE-2017-16605.json index a2eb1feee2d..e28a6322bad 100644 --- a/2017/16xxx/CVE-2017-16605.json +++ b/2017/16xxx/CVE-2017-16605.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2017-16605", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "NetGain Systems Enterprise Manager", + "version" : { + "version_data" : [ + { + "version_value" : "7.2.730 build 1034" + } + ] + } + } + ] + }, + "vendor_name" : "NetGain Systems" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.db.save_005fattrs_jsp servlet, which listens on TCP port 8081 by default. When parsing the id parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5196." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-17-970" } ] } diff --git a/2017/16xxx/CVE-2017-16606.json b/2017/16xxx/CVE-2017-16606.json index 21040459e51..89d7230f2c8 100644 
--- a/2017/16xxx/CVE-2017-16606.json +++ b/2017/16xxx/CVE-2017-16606.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2017-16606", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "NetGain Systems Enterprise Manager", + "version" : { + "version_data" : [ + { + "version_value" : "7.2.730 build 1034" + } + ] + } + } + ] + }, + "vendor_name" : "NetGain Systems" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp._3d.add_005f3d_005fview_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5197." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-17-971" } ] } 
diff --git a/2017/16xxx/CVE-2017-16607.json b/2017/16xxx/CVE-2017-16607.json index c347472dace..fbcb9667f0e 100644 --- a/2017/16xxx/CVE-2017-16607.json +++ b/2017/16xxx/CVE-2017-16607.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2017-16607", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "NetGain Systems Enterprise Manager", + "version" : { + "version_data" : [ + { + "version_value" : "v7.2.586 build 877" + } + ] + } + } + ] + }, + "vendor_name" : "NetGain Systems" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within heapdumps.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download heap memory dump. An attacker can leverage this in conjunction with other vulnerabilities to disclose sensitive information in the context of the current process. Was ZDI-CAN-4718." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-200-Information Exposure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-17-949" } ] } diff --git a/2017/16xxx/CVE-2017-16608.json b/2017/16xxx/CVE-2017-16608.json index 3af28c307d5..9314b1949e1 100644 
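Review bot: `version_value` in the first hunk is written `v7.2.586 build 877`, whereas the records for CVE-2017-16603 through CVE-2017-16606 use the bare form `7.2.730 build 1034`; the same `v` prefix appears in CVE-2017-16608, -16609, -16610, CVE-2017-17406 and CVE-2017-17407. Tools that match affected versions by string comparison will not see these as one scheme, so a single form should be used throughout, e.g. `"version_value" : "7.2.586 build 877"`. The descriptions for 16607 to 16610 and 17406 also call the product "Netgain Enterprise Manager" and give no version, which does not agree with `product_name`; repeating the product name and version there would keep the text and the `affects` block consistent.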
--- a/2017/16xxx/CVE-2017-16608.json +++ b/2017/16xxx/CVE-2017-16608.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2017-16608", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "NetGain Systems Enterprise Manager", + "version" : { + "version_data" : [ + { + "version_value" : "v7.2.586 build 877" + } + ] + } + } + ] + }, + "vendor_name" : "NetGain Systems" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4749." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-78-Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-17-950" } ] } diff --git a/2017/16xxx/CVE-2017-16609.json b/2017/16xxx/CVE-2017-16609.json index 06099d4e4cf..c87343c9b23 100644 --- a/2017/16xxx/CVE-2017-16609.json +++ b/2017/16xxx/CVE-2017-16609.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2017-16609", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "NetGain Systems Enterprise Manager", + "version" : { + "version_data" : [ + { + "version_value" : "v7.2.586 build 877" + } + ] + } + } + ] + }, + "vendor_name" : "NetGain Systems" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a file. An attacker can leverage this vulnerability to expose sensitive information. Was ZDI-CAN-4750." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-39-Path Traversal: 'C:dirname'" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-17-951" } ] } diff --git a/2017/16xxx/CVE-2017-16610.json b/2017/16xxx/CVE-2017-16610.json index d26f1f71443..d8008c93b65 100644 --- a/2017/16xxx/CVE-2017-16610.json +++ b/2017/16xxx/CVE-2017-16610.json 
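Review bot: The `problemtype` value in the second hunk, `CWE-39-Path Traversal: 'C:dirname'`, is a narrow drive-letter variant that the description does not support; the text only says download.jsp uses a user-supplied string to download a file without proper validation. Unless the advisory shows the drive-letter form specifically, the parent class used by the sibling records is the safer mapping: `"value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"`. An over-specific CWE misleads anyone who triages or filters these records by weakness class.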
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2017-16610", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "NetGain Systems Enterprise Manager", + "version" : { + "version_data" : [ + { + "version_value" : "v7.2.586 build 877" + } + ] + } + } + ] + }, + "vendor_name" : "NetGain Systems" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within upload_save_do.jsp. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4751." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-17-952" } ] } diff --git a/2017/17xxx/CVE-2017-17406.json b/2017/17xxx/CVE-2017-17406.json index d7da1721b2c..ad00211e3b3 100644 --- a/2017/17xxx/CVE-2017-17406.json +++ b/2017/17xxx/CVE-2017-17406.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2017-17406", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "NetGain Systems Enterprise Manager", + "version" : { + "version_data" : [ + { + "version_value" : "v7.2.586 build 877" + } + ] + } + } + ] + }, + "vendor_name" : "NetGain Systems" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within an exposed RMI registry, which listens on TCP ports 1800 and 1850 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Was ZDI-CAN-4753." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-502-Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-17-953" } ] } diff --git a/2017/17xxx/CVE-2017-17407.json b/2017/17xxx/CVE-2017-17407.json index 87c789b1f13..024b659a6cf 100644 --- a/2017/17xxx/CVE-2017-17407.json +++ b/2017/17xxx/CVE-2017-17407.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "zdi-disclosures@trendmicro.com", "ID" : "CVE-2017-17407", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "NetGain Systems Enterprise Manager", + "version" : { + "version_data" : [ + { + "version_value" : "v7.2.699 build 1001" + } + ] + } + } + ] + }, + "vendor_name" : "NetGain Systems" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001 . Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the content parameter provided to the script_test.jsp endpoint. A crafted content request parameter can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code under the context of the web service. Was ZDI-CAN-5080." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-78-Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://zerodayinitiative.com/advisories/ZDI-17-954" } ] } From 562b5037fe2870a483ece55c71a98b283e126e48 Mon Sep 17 00:00:00 2001 
From: Joshua Smith Date: Mon, 22 Jan 2018 13:08:41 -0600 Subject: [PATCH 2/2] addresses comments from cve-team on CVE-2017-16592 --- 2017/16xxx/CVE-2017-16592.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2017/16xxx/CVE-2017-16592.json b/2017/16xxx/CVE-2017-16592.json index f9761f0cf5f..3d4efd83ad1 100644 --- a/2017/16xxx/CVE-2017-16592.json +++ b/2017/16xxx/CVE-2017-16592.json @@ -34,7 +34,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.restore.download_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5103." + "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the common.download_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Was ZDI-CAN-5103." } ] },