CVE-2017-20082

A vulnerability, which was classified as problematic, has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. This issue affects some unknown processing. The manipulation leads to backdoor. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component.

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.9 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://seclists.org/fulldisclosure/2017/Feb/18	Exploit Mailing List Third Party Advisory
https://vuldb.com/?id.96815	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2017/Feb/18	Exploit Mailing List Third Party Advisory
https://vuldb.com/?id.96815	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:jung-group:smart_visu_server_firmware:1.0.804:::::::*
	cpe:2.3:o:jung-group:smart_visu_server_firmware:1.0.830:::::::*
	cpe:2.3:o:jung-group:smart_visu_server_firmware:1.0.832:::::::*

cpe:2.3:h:jung-group:smart_visu_server:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:22

Type	Values Removed	Values Added
References	~~() http://seclists.org/fulldisclosure/2017/Feb/18 - Exploit, Mailing List, Third Party Advisory~~	() http://seclists.org/fulldisclosure/2017/Feb/18 - Exploit, Mailing List, Third Party Advisory
References	~~() https://vuldb.com/?id.96815 - Third Party Advisory, VDB Entry~~	() https://vuldb.com/?id.96815 - Third Party Advisory, VDB Entry

Information

Published : 2022-06-22 06:15

Updated : 2024-11-21 03:22

NVD link : CVE-2017-20082

Mitre link : CVE-2017-20082

CVE.ORG link : CVE-2017-20082

JSON object : View

Products Affected

jung-group

smart_visu_server_firmware
smart_visu_server

CWE

CWE-912

Hidden Functionality

NVD-CWE-Other

{"id": "CVE-2017-20082", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-06-22T06:15:07.057", "references": [{"url": "http://seclists.org/fulldisclosure/2017/Feb/18", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.96815", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "http://seclists.org/fulldisclosure/2017/Feb/18", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?id.96815", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-912"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. This issue affects some unknown processing. The manipulation leads to backdoor. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad, clasificada como problem\u00e1tica, en JUNG Smart Visu Server versiones 1.0.804/1.0.830/1.0.832. Este problema afecta a algunos procesos desconocidos. La manipulaci\u00f3n conlleva a un backdoor. El ataque debe ser abordado localmente. La explotaci\u00f3n ha sido revelada al p\u00fablico y puede ser usada. La actualizaci\u00f3n a versi\u00f3n 1.0.900 puede abordar este problema. Es recomendado actualizar el componente afectado"}], "lastModified": "2024-11-21T03:22:35.647", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:jung-group:smart_visu_server_firmware:1.0.804:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5F3FFF1-510F-407F-B103-A145FB632239"}, {"criteria": "cpe:2.3:o:jung-group:smart_visu_server_firmware:1.0.830:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A87AF62-2B51-45BB-8038-507B04BFA29A"}, {"criteria": "cpe:2.3:o:jung-group:smart_visu_server_firmware:1.0.832:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82295308-4508-4B08-B42B-D17C6AC836FA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:jung-group:smart_visu_server:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B72946C8-4DEB-44E6-A22B-21AD3AC95A93"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cna@vuldb.com"}