CVE-2017-9387

{"id": "CVE-2017-9387", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2019-06-17T20:15:09.383", "references": [{"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Vera_sec_issues.pdf", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://seclists.org/bugtraq/2019/Jun/8", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Vera_sec_issues.pdf", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://seclists.org/bugtraq/2019/Jun/8", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called relay.sh which is used for creating new SSH relays for the device so that the device connects to Vera servers. All the parameters passed in this specific script are logged to a log file called log.relay in the /tmp folder. The user can also read all the log files from the device using a script called log.sh. However, when the script loads the log files it displays them with content-type text/html and passes all the logs through the ansi2html binary which converts all the character text including HTML meta-characters correctly to be displayed in the browser. This allows an attacker to use the log files as a storing mechanism for the XSS payload and thus whenever a user navigates to that log.sh script, it enables the XSS payload and allows an attacker to execute his malicious payload on the user's browser."}, {"lang": "es", "value": "Se detect\u00f3 un problema en los dispositivos VeraEdge versi\u00f3n 1.7.19 y Veralite versi\u00f3n 1.7.481 de Vera. El dispositivo proporciona un script shell llamado relay.sh que se utiliza para crear nuevos rel\u00e9s SSH para el dispositivo, de manera que el dispositivo se conecte a los servidores Vera. Todos los par\u00e1metros pasados ??en este script espec\u00edfico se registran en un archivo de registro llamado log.relay en la carpeta /tmp. El usuario tambi\u00e9n puede leer todos los archivos de registro del dispositivo usando un script llamado log.sh. Sin embargo, cuando el script carga los archivos de registro, los muestra con text/html de tipo de contenido y pasa todos los registros por medio del binario ansi2html que convierte todo el texto de caracteres, incluidos los metacaracteres HTML, para que se muestren correctamente en el navegador. Esto permite que un atacante use los archivos de registro como un mecanismo de almacenamiento para la carga XSS y, por lo tanto, cada vez que un usuario navega a ese script log.sh, habilita la carga XSS y permite que un atacante ejecute su carga maliciosa en el navegador del usuario."}], "lastModified": "2024-11-21T03:35:59.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:getvera:veraedge_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49C1D79D-A586-4D41-A10C-1815E6E0D765", "versionEndIncluding": "1.7.19"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:getvera:veraedge:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0A3D3CAC-84A4-4F14-8FB6-1E6437F8D2C0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:getvera:veralite_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC96E7A8-DB6C-47C8-9B33-AE4ED418C70E", "versionEndIncluding": "1.7.481"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:getvera:veralite:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "914728A7-7BA3-4612-A6AA-172B24431947"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}