CVE-2017-18923

beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://beronet.atlassian.net/wiki/spaces/PUB/pages/88768529/Security+Issues	Third Party Advisory
https://www.heise.de/security/meldung/Angriffe-auf-VoIP-Gateways-von-beroNet-Patch-sorgt-fuer-Sicherheit-3594737.html	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:beronet:voice_over_internet_protocol_gateways_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:beronet:bf16001e1box:-:::::::*
	cpe:2.3:h:beronet:bf16001t1box:-:::::::*
	cpe:2.3:h:beronet:bf4001e1box:-:::::::*
	cpe:2.3:h:beronet:bf4001t1box:-:::::::*
	cpe:2.3:h:beronet:bf64002e1box:-:::::::*
	cpe:2.3:h:beronet:bf64002t1box:-:::::::*
	cpe:2.3:h:beronet:bfsb1s0:-:::::::*
	cpe:2.3:h:beronet:bfsb2hy:-:::::::*
	cpe:2.3:h:beronet:bfsb2s0:-:::::::*
	cpe:2.3:h:beronet:bfsb2s02xo:-:::::::*
	cpe:2.3:h:beronet:bfsb4xo:-:::::::*
	cpe:2.3:h:beronet:bfsb4xo4xs:-:::::::*
	cpe:2.3:h:beronet:bfsb4xs:-:::::::*
	cpe:2.3:h:beronet:bn16fxsfax_b:-:::::::*
	cpe:2.3:h:beronet:bn16fxsfax_c:-:::::::*

History

No history.

Information

Published : 2020-07-29 20:15

Updated : 2024-02-28 17:47

NVD link : CVE-2017-18923

Mitre link : CVE-2017-18923

CVE.ORG link : CVE-2017-18923

JSON object : View

Products Affected

beronet

bn16fxsfax_c
bf64002t1box
bn16fxsfax_b
bf4001t1box
bfsb2s0
bf16001e1box
bf4001e1box
bfsb2s02xo
bfsb4xo
bfsb4xs
bfsb4xo4xs
bf64002e1box
bf16001t1box
bfsb1s0
voice_over_internet_protocol_gateways_firmware
bfsb2hy

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

{"id": "CVE-2017-18923", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-07-29T20:15:12.303", "references": [{"url": "https://beronet.atlassian.net/wiki/spaces/PUB/pages/88768529/Security+Issues", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.heise.de/security/meldung/Angriffe-auf-VoIP-Gateways-von-beroNet-Patch-sorgt-fuer-Sicherheit-3594737.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials."}, {"lang": "es", "value": "beroNet VoIP Gateways versiones anteriores a 3.0.16, presentan un script PHP que permite descargar archivos arbitrarios, incluyendo aquellos con credenciales"}], "lastModified": "2020-08-05T15:44:41.857", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:beronet:voice_over_internet_protocol_gateways_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A52452B-5C05-4FBB-B74B-8C67308622E2", "versionEndExcluding": "3.0.16", "versionStartIncluding": "2.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:beronet:bf16001e1box:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "92542C47-7C84-497E-B008-CFEFF1F5808C"}, {"criteria": "cpe:2.3:h:beronet:bf16001t1box:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "41923990-1DFB-4DC3-90AD-E8B4903D6E20"}, {"criteria": "cpe:2.3:h:beronet:bf4001e1box:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E26F9826-BF11-4BEC-ADCD-56E117E61B2E"}, {"criteria": "cpe:2.3:h:beronet:bf4001t1box:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A1ED34D1-80E7-47CD-A48C-4E68260E788F"}, {"criteria": "cpe:2.3:h:beronet:bf64002e1box:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A48CDAAE-0B32-4B4A-933A-F4295E99B9D0"}, {"criteria": "cpe:2.3:h:beronet:bf64002t1box:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2D617773-71E4-4FB8-8B73-DE9619BD6C63"}, {"criteria": "cpe:2.3:h:beronet:bfsb1s0:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9A187A2F-7D37-41D5-9BF1-A46837DC61CD"}, {"criteria": "cpe:2.3:h:beronet:bfsb2hy:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "67D346B0-8AD2-4EE6-A2EC-F09ACFC1D153"}, {"criteria": "cpe:2.3:h:beronet:bfsb2s0:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2010A08A-9C0D-4F11-BEA9-AA0900911E64"}, {"criteria": "cpe:2.3:h:beronet:bfsb2s02xo:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "291EE6F7-5B9C-47F6-A282-0A6CDC4D729E"}, {"criteria": "cpe:2.3:h:beronet:bfsb4xo:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BA29D448-F80E-411E-94B9-DB5D8991F3D1"}, {"criteria": "cpe:2.3:h:beronet:bfsb4xo4xs:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D16E8732-AA00-4662-9DEF-2433110F8B99"}, {"criteria": "cpe:2.3:h:beronet:bfsb4xs:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "20051927-AFE0-42E1-A8A8-89E651786A5D"}, {"criteria": "cpe:2.3:h:beronet:bn16fxsfax_b:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9989C947-95C8-4B2E-9ACF-297E985002C0"}, {"criteria": "cpe:2.3:h:beronet:bn16fxsfax_c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4E167633-77E9-44E4-B5B5-ECCC3C0FABA4"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}