admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2017/CVE-2017-28xx/CVE-2017-2866.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

150 lines
4.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2017-2866",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2017-11-07T16:29:00.467",
"lastModified": "2024-11-21T03:24:21.270",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad explotable en la funcionalidad /api/CONFIG/backup de Circle with Disney. Los paquetes de red especialmente manipulados pueden provocar una inyecci\u00f3n de comandos de sistema operativo. Un atacante puede enviar una petici\u00f3n HTTP para provocar esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"baseScore": 9.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:meetcircle:circle_with_disney_firmware:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "287E642C-D156-4E0E-B8F7-2EFEEDC77E99"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:meetcircle:circle_with_disney:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9661BDE9-416C-40BF-B65C-E9979F511FF6"
}
]
}
]
}
],
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0372",
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0372",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink