CVE-2017-10830

{"id": "CVE-2017-10830", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2017-08-29T01:35:12.797", "references": [{"url": "http://f-security.jp/v6/support/information/100161.html", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/en/jp/JVN36303528/index.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "vultures@jpcert.or.jp"}, {"url": "http://f-security.jp/v6/support/information/100161.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://jvn.jp/en/jp/JVN36303528/index.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-426"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in Security Setup Tool all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."}, {"lang": "es", "value": "Una vulnerabilidad de tipo ruta de b\u00fasqueda no confiable en Security Setup Tool en todas sus versiones permite que un atacante consiga privilegios utilizando un archivo DLL troyano en un directorio no especificado."}], "lastModified": "2024-11-21T03:06:35.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ntt:security_setup_tool:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E6386E8-9D47-4351-81CE-99804CDD5C5F"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}