CVE-2017-13701

{"id": "CVE-2017-13701", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-11-23T21:29:00.343", "references": [{"url": "http://www.securityfocus.com/bid/101966", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf", "tags": ["Mitigation", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method."}, {"lang": "es", "value": "Se ha descubierto un error en la build 16072215 de los dispositivos MOXA EDS-G512E 5.1. El archivo de copia de seguridad contiene informaci\u00f3n sensible de forma no segura. No hay una sal para el hasheo de contrase\u00f1as. Las contrase\u00f1as se almacenan sin ser cifradas con un m\u00e9todo de cifrado con marca de tiempo."}], "lastModified": "2017-12-08T15:40:23.147", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:eds-g512e_firmware:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80F267F1-E99B-4FF2-8CE6-43DB70F66DAA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:eds-g512e:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B89398E6-21CC-49D9-AD9B-343AD58A69FC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}