CVE-2017-20007

{"id": "CVE-2017-20007", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2021-10-25T14:15:08.537", "references": [{"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/information-exposure-ingepac-da-au", "tags": ["Third Party Advisory"], "source": "cve-coordination@incibe.es"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device\u00b4s web service could exploit this vulnerability in order to obtain different configuration files."}, {"lang": "es", "value": "La aplicaci\u00f3n web Ingeteam INGEPAC DA AU versiones AUC_1.13.0.28 (y anteriores), permiten el acceso a una determinada ruta que contiene informaci\u00f3n confidencial que podr\u00eda ser usada por un atacante para ejecutar ataques m\u00e1s sofisticados. Un atacante remoto no autenticado con acceso al servicio web del dispositivo podr\u00eda explotar esta vulnerabilidad para obtener diferentes archivos de configuraci\u00f3n"}], "lastModified": "2021-10-28T20:01:35.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ingeteam:ingepac_da_au_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69843CF9-1FDA-4003-9D98-B07D4A10500D", "versionEndIncluding": "auc_1.13.0.28"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ingeteam:ingepac_da_au:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "704C1AD2-2698-4F05-801D-96E5231FFB24"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve-coordination@incibe.es"}