CVE-2017-16778

An access control weakness in the DTMF tone receiver of Fermax Outdoor Panel allows physical attackers to inject a Dual-Tone-Multi-Frequency (DTMF) tone to invoke an access grant that would allow physical access to a restricted floor/level. By design, only a residential unit owner may allow such an access grant. However, due to incorrect access control, an attacker could inject it via the speaker unit to perform an access grant to gain unauthorized access, as demonstrated by a loud DTMF tone representing '1' and a long '#' (697 Hz and 1209 Hz, followed by 941 Hz and 1477 Hz).

CVSS v3 4.6 MEDIUM
CVSS v2.0 2.1 LOW

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/breaktoprotect/CVE-2017-16778-Intercom-DTMF-Injection	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:fermax:outdoor_panel_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:fermax:outdoor_panel:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-12-24 14:15

Updated : 2024-02-28 17:28

NVD link : CVE-2017-16778

Mitre link : CVE-2017-16778

CVE.ORG link : CVE-2017-16778

JSON object : View

Products Affected

fermax

outdoor_panel_firmware
outdoor_panel

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2017-16778", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2019-12-24T14:15:11.590", "references": [{"url": "https://github.com/breaktoprotect/CVE-2017-16778-Intercom-DTMF-Injection", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "An access control weakness in the DTMF tone receiver of Fermax Outdoor Panel allows physical attackers to inject a Dual-Tone-Multi-Frequency (DTMF) tone to invoke an access grant that would allow physical access to a restricted floor/level. By design, only a residential unit owner may allow such an access grant. However, due to incorrect access control, an attacker could inject it via the speaker unit to perform an access grant to gain unauthorized access, as demonstrated by a loud DTMF tone representing '1' and a long '#' (697 Hz and 1209 Hz, followed by 941 Hz and 1477 Hz)."}, {"lang": "es", "value": "Una debilidad de control de acceso en el receptor de tono DTMF Fermax Outdoor Panel, permite a atacantes f\u00edsicos inyectar un tono Dual-Tone-Multi-Frequency (DTMF) para invocar una concesi\u00f3n de acceso que permitir\u00eda el acceso f\u00edsico a un piso/nivel restringido. Por dise\u00f1o, solo el propietario de una unidad residencial puede permitir dicha concesi\u00f3n de acceso. Sin embargo, debido al control de acceso incorrecto, un atacante podr\u00eda inyectarlo por medio de la unidad de altavoz para realizar una concesi\u00f3n de acceso para conseguir acceso no autorizado, como es demostrado por un fuerte tono DTMF que representa \"1\" y un largo \"#\" (697 Hz y 1209 Hz , seguido de 941 Hz y 1477 Hz)."}], "lastModified": "2020-01-08T22:07:53.507", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fermax:outdoor_panel_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2977C96E-02C6-44AA-8F9C-8A0348CBB546"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fermax:outdoor_panel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "96B3D940-C83D-4251-995A-0E402D80758B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}