admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2017/CVE-2017-83xx/CVE-2017-8332.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

212 lines
6.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2017-8332",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-06-18T21:15:09.840",
"lastModified": "2024-11-21T03:33:46.787",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking key words passing in the web traffic to prevent kids from watching content that might be deemed unsafe using the web management interface. It seems that the device does not implement any cross-site scripting protection mechanism which allows an attacker to trick a user who is logged in to the web management interface into executing a stored cross-site scripting payload on the user's browser and execute any action on the device provided by the web management interface."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Securifi Almond, Almond + y Almond 2015 con firmware AL-R096. El dispositivo proporciona a un usuario la capacidad de bloquear direcciones IP mediante la interfaz de administraci\u00f3n web. Parece que el dispositivo no implementa ning\u00fan mecanismo de protecci\u00f3n de falsificaci\u00f3n de scripts entre sitios que permita a un atacante enga\u00f1ar a un usuario que ha iniciado sesi\u00f3n en la interfaz de administraci\u00f3n web para que ejecute una carga \u00fatil de scripts entre sitios en el navegador del usuario y ejecute cualquier acci\u00f3n en El dispositivo proporcionado por la interfaz de gesti\u00f3n web."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseScore": 6.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:securifi:almond_2015_firmware:al-r096:*:*:*:*:*:*:*",
"matchCriteriaId": "208D57C5-306D-4759-9A80-9FC41EAABAF9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:securifi:almond_2015:-:*:*:*:*:*:*:*",
"matchCriteriaId": "927187D5-C000-4DC3-BECA-7872D2294820"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:securifi:almond\\+firmware:al-r096:*:*:*:*:*:*:*",
"matchCriteriaId": "006ED0DA-A55E-419B-ADE6-F116A64DBE45"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:securifi:almond\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3472E5F-5B79-4D36-B6AF-DFAE3021B803"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:securifi:almond_firmware:al-r096:*:*:*:*:*:*:*",
"matchCriteriaId": "43B428E1-51D5-48DA-B852-93434A9A8945"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:securifi:almond:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF61C46-EE6E-4592-B912-93D733A82095"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/153227/Securifi-Almond-2015-Buffer-Overflow-Command-Injection-XSS-CSRF.html",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Securifi_Almond_plus_sec_issues.pdf",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://seclists.org/bugtraq/2019/Jun/8",
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://packetstormsecurity.com/files/153227/Securifi-Almond-2015-Buffer-Overflow-Command-Injection-XSS-CSRF.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Securifi_Almond_plus_sec_issues.pdf",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://seclists.org/bugtraq/2019/Jun/8",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink