{ "id": "CVE-2017-6094", "sourceIdentifier": "cve@mitre.org", "published": "2017-12-20T20:29:00.573", "lastModified": "2018-01-11T15:10:05.010", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain \"chk\" value (48bit) derived from the MAC. The algorithm used to compute the \"chk\" was disclosed by reverse engineering the CPE's firmware. As a result, it is possible to forge valid \"chk\" values for any given MAC address and therefore receive the configuration settings of other subscribers' CPEs. The configuration settings often contain sensitive values, for example credentials (username/password) for VoIP services. This issue affects Genexis B.V. GAPS up to 7.2." }, { "lang": "es", "value": "Los CPE utilizados por los suscriptores en la red de acceso reciben su configuraci\u00f3n individual desde una instancia GAPS central. Un CPE se identifica por la direcci\u00f3n MAC de su interfaz WAN y un valor determinado \"chk\" (48bit) derivado del MAC. El algoritmo utilizado para calcular el \"chk\" fue revelado mediante ingenier\u00eda inversa en el firmware del CPE. Como resultado, es posible forjar valores \"chk\" v\u00e1lidos para cualquier direcci\u00f3n MAC dada y por lo tanto recibir los ajustes de configuraci\u00f3n de CPE de otros suscriptores. Los ajustes de configuraci\u00f3n suelen contener valores sensibles, por ejemplo, credenciales (nombre de usuario/contrase\u00f1a) para servicios VoIP. Esta situaci\u00f3n afecta a Genexis B. V. GAPS hasta la versi\u00f3n 7.2." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-200" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:genexis:gaps:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.2", "matchCriteriaId": "B390447F-1540-4A24-AD01-57E95DF00953" } ] } ] } ], "references": [ { "url": "http://seclists.org/fulldisclosure/2017/Dec/62", "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Mitigation", "Third Party Advisory" ] } ] }