CVE-2017-5173

{"id": "CVE-2017-5173", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-05-19T03:29:00.183", "references": [{"url": "http://www.securityfocus.com/bid/96209", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-045-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.exploit-db.com/exploits/41360/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.securityfocus.com/bid/96209", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-045-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/41360/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an attacker can call multiple parameters that can allow access to the root level operating system which could allow remote code execution."}, {"lang": "es", "value": "Se detect\u00f3 un problema de Neutralizaci\u00f3n Inapropiada de Elementos Especiales (en un comando del sistema operativo) en Camera IP G-Cam/EFD-2250 versi\u00f3n 1.11.0.12 de Geutebruck . Se ha identificado una neutralizaci\u00f3n inapropiada de la vulnerabilidad de elementos especiales. Si los elementos especiales no son neutralizados apropiadamente, un atacante puede llamar a m\u00faltiples par\u00e1metros que pueden permitir el acceso al sistema operativo de nivel root, lo que permitir\u00eda la ejecuci\u00f3n de c\u00f3digo remota."}], "lastModified": "2024-11-21T03:27:11.950", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:geutebrueck:ip_camera_g-cam_efd-2250_firmware:1.11.0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C819335E-155F-48FB-AF1F-08409FB61116"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:geutebrueck:ip_camera_g-cam_efd-2250:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1C1D0562-45CA-421F-9167-567878182D82"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}