CVE-2017-13699

{"id": "CVE-2017-13699", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-11-23T21:29:00.297", "references": [{"url": "http://www.securityfocus.com/bid/106047", "source": "cve@mitre.org"}, {"url": "https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf", "tags": ["Mitigation", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-326"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it."}, {"lang": "es", "value": "Se ha descubierto un error en la build 16072215 de los dispositivos MOXA EDS-G512E 5.1. El m\u00e9todo de codificaci\u00f3n de contrase\u00f1as puede ser recuperado desde el firmware. El m\u00e9todo de codificaci\u00f3n se basa en un valor chall que se env\u00eda en texto claro como par\u00e1metro POST. Un atacante podr\u00eda invertir el algoritmo de codificaci\u00f3n de contrase\u00f1a para recuperarlo."}], "lastModified": "2018-11-30T11:29:01.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:eds-g512e_firmware:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80F267F1-E99B-4FF2-8CE6-43DB70F66DAA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:eds-g512e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B89398E6-21CC-49D9-AD9B-343AD58A69FC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}