CVE-2017-6079

The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, though you get no feedback client-side from the web application: if the command is valid, it executes. An example is the wget command. The page that allows this has been confirmed in firmware as old as 2006.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://depthsecurity.com/blog/cve-2017-6079-blind-command-injection-in-edgewater-edgemarc-devices	Exploit Technical Description Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:ribboncommunications:edgemarc_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:ribboncommunications:edgemarc_4550:-:::::::*
	cpe:2.3:h:ribboncommunications:edgemarc_4552:-:::::::*
	cpe:2.3:h:ribboncommunications:edgemarc_4601:-:::::::*
	cpe:2.3:h:ribboncommunications:edgemarc_4700:-:::::::*
	cpe:2.3:h:ribboncommunications:edgemarc_4750:-:::::::*
	cpe:2.3:h:ribboncommunications:edgemarc_4800:-:::::::*
	cpe:2.3:h:ribboncommunications:edgemarc_4806:-:::::::*
	cpe:2.3:h:ribboncommunications:edgemarc_4808:-:::::::*
	cpe:2.3:h:ribboncommunications:edgemarc_7301:-:::::::*
	cpe:2.3:h:ribboncommunications:edgemarc_7400:-:::::::*

History

No history.

Information

Published : 2017-05-16 17:29

Updated : 2024-02-28 15:44

NVD link : CVE-2017-6079

Mitre link : CVE-2017-6079

CVE.ORG link : CVE-2017-6079

JSON object : View

Products Affected

ribboncommunications

edgemarc_4750
edgemarc_4800
edgemarc_firmware
edgemarc_7301
edgemarc_4550
edgemarc_7400
edgemarc_4552
edgemarc_4700
edgemarc_4808
edgemarc_4806
edgemarc_4601

CWE

NVD-CWE-noinfo

{"id": "CVE-2017-6079", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-05-16T17:29:00.323", "references": [{"url": "https://depthsecurity.com/blog/cve-2017-6079-blind-command-injection-in-edgewater-edgemarc-devices", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The HTTP web-management application on Edgewater Networks Edgemarc appliances has a hidden page that allows for user-defined commands such as specific iptables routes, etc., to be set. You can use this page as a web shell essentially to execute commands, though you get no feedback client-side from the web application: if the command is valid, it executes. An example is the wget command. The page that allows this has been confirmed in firmware as old as 2006."}, {"lang": "es", "value": "La aplicaci\u00f3n de administraci\u00f3n web HTTP en dispositivos Edgewater Networks Edgemarc, tiene una p\u00e1gina oculta que permite establecer comandos definidos por el usuario, como rutas iptables espec\u00edficas, etc.. Pueden utilizar esta p\u00e1gina como un shell web esencialmente para ejecutar comandos, aunque no consigan retroalimentaci\u00f3n del lado del cliente de la aplicaci\u00f3n web: si el comando es v\u00e1lido, se ejecuta. Un ejemplo es el comando wget. La p\u00e1gina que permite esto se ha confirmado en un firmware tan antiguo como el 2006."}], "lastModified": "2021-09-13T11:20:36.327", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ribboncommunications:edgemarc_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82C4112D-48DA-4829-9B4B-E5FF8B9491A7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ribboncommunications:edgemarc_4550:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E720E7F6-0BDA-4C02-B69A-854C178C94A1"}, {"criteria": "cpe:2.3:h:ribboncommunications:edgemarc_4552:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9D25CA9B-8D0D-45A2-8D00-03E0F7E40519"}, {"criteria": "cpe:2.3:h:ribboncommunications:edgemarc_4601:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "13F142C5-A17E-4AB8-BFC3-5AE338E53D13"}, {"criteria": "cpe:2.3:h:ribboncommunications:edgemarc_4700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F1C35E8B-21D7-4D84-9CE8-6E97FC0B5288"}, {"criteria": "cpe:2.3:h:ribboncommunications:edgemarc_4750:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A5132F55-CC24-4D3B-80B8-B52551AF0DBF"}, {"criteria": "cpe:2.3:h:ribboncommunications:edgemarc_4800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "512891B5-D948-48E2-9C0F-1A77C71B8426"}, {"criteria": "cpe:2.3:h:ribboncommunications:edgemarc_4806:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4FD19254-9B77-453C-80EA-1A259D7BD036"}, {"criteria": "cpe:2.3:h:ribboncommunications:edgemarc_4808:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "11ECF931-E24D-4562-8186-1482C3A5A4D6"}, {"criteria": "cpe:2.3:h:ribboncommunications:edgemarc_7301:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "71932337-DE5A-4773-ACDB-A1A4766B2886"}, {"criteria": "cpe:2.3:h:ribboncommunications:edgemarc_7400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3F81DF2A-8C5F-4FE2-82B3-D4809FACC4E6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}