CVE-2017-2872

Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges.

CVSS v3 7.2 HIGH
CVSS v2.0 9.0 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379	Exploit Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:foscam:c1_firmware:2.52.2.43:*:*:*:*:*:*:*

cpe:2.3:h:foscam:c1:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:24

Type	Values Removed	Values Added
References	~~() https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379 - Exploit, Third Party Advisory~~	() https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379 - Exploit, Third Party Advisory

Information

Published : 2018-09-17 20:29

Updated : 2024-11-21 03:24

NVD link : CVE-2017-2872

Mitre link : CVE-2017-2872

CVE.ORG link : CVE-2017-2872

JSON object : View

Products Affected

foscam

c1_firmware
c1

CWE

CWE-287

Improper Authentication

{"id": "CVE-2017-2872", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2018-09-17T20:29:00.790", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379", "tags": ["Exploit", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges."}, {"lang": "es", "value": "Existen comprobaciones de seguridad insuficientes en el procedimiento de recuperaci\u00f3n empleado por Foscam C1 Indoor HD Camera ejecutando el firmware de aplicaci\u00f3n 2.52.2.43. Una petici\u00f3n HTTP puede permitir que un usuario realice una actualizaci\u00f3n de firmware mediante una imagen manipulada. Antes de que se \"flasheen\" actualizaciones de firmware en esta imagen en el dispositivo, los binarios y los argumentos a los comandos shell contenidos en la imagen se ejecutan con privilegios elevados."}], "lastModified": "2024-11-21T03:24:21.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:foscam:c1_firmware:2.52.2.43:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "669982BF-3C42-4030-AA74-C21621F73451"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:foscam:c1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F616DB3E-95FA-4679-A831-036AA3CF25EF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "talos-cna@cisco.com"}