2 vulnerabilities found for ProSAFE Plus Configuration Utility by NETGEAR
VAR-201704-0921
Vulnerability from variot - Updated: 2023-12-18 13:57
ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restrictions and change configurations of the switch via SOAP requests. ProSAFE Plus Configuration Utility provided by NETGEAR is a Windows application to configure and manage NETGEAR's ProSAFE Plus and Click Switches. An operator uses the utility to log in to and configure NETGEAR switches. When the utility is invoked, it starts listening on a certain port for SOAP requests. The utility accepts connections from the network, hence unintended operations may be conducted on the switches through the utility (CWE-284). Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. NetGearProSafe is a smart switch product that monitors and configures the network.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0921",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prosafe plus configuration utility",
"scope": "lte",
"trust": 1.0,
"vendor": "netgear",
"version": "2.3.28"
},
{
"model": "prosafe plus configuration utility",
"scope": "eq",
"trust": 0.8,
"vendor": "netgear",
"version": "prior to 2.3.29"
},
{
"model": "prosafe plus configuration utility",
"scope": "lt",
"trust": 0.6,
"vendor": "netgear",
"version": "2.3.29"
},
{
"model": "prosafe plus configuration utility",
"scope": "eq",
"trust": 0.6,
"vendor": "netgear",
"version": "2.3.28"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05116"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000055"
},
{
"db": "NVD",
"id": "CVE-2017-2137"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-104"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netgear:prosafe_plus_configuration_utility:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.3.28",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2137"
}
]
},
"cve": "CVE-2017-2137",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.9,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000055",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-05116",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-110340",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.4,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000055",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2137",
"trust": 1.0,
"value": "LOW"
},
{
"author": "IPA",
"id": "JVNDB-2017-000055",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2017-05116",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-104",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-110340",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05116"
},
{
"db": "VULHUB",
"id": "VHN-110340"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000055"
},
{
"db": "NVD",
"id": "CVE-2017-2137"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-104"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests. ProSAFE Plus Configuration Utility provided by NETGEAR is a Windows application to configure and manage NETGEAR\u0027s ProSAFE Plus and Click Switches. An operator uses the utility to login and configure NETGEAR switches. When the utility is invoked, it starts listening on a certain port for SOAP requests. The utility accepts connections from network, hence unintended operation may be conducted on the switches through the utility (CWE-284). Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. NetGearProSafe is a smart switch product that monitors and configures the network",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2137"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000055"
},
{
"db": "CNVD",
"id": "CNVD-2017-05116"
},
{
"db": "VULHUB",
"id": "VHN-110340"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2137",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN08740778",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000055",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-104",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-05116",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110340",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05116"
},
{
"db": "VULHUB",
"id": "VHN-110340"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000055"
},
{
"db": "NVD",
"id": "CVE-2017-2137"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-104"
}
]
},
"id": "VAR-201704-0921",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05116"
},
{
"db": "VULHUB",
"id": "VHN-110340"
}
],
"trust": 1.2999999999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05116"
}
]
},
"last_update_date": "2023-12-18T13:57:25.767000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Advisory for Insecure SOAP Access in ProSAFE Plus Configuration Utility, PSV-2017-1997",
"trust": 0.8,
"url": "https://kb.netgear.com/000038443/security-advisory-for-insecure-soap-access-in-prosafe-plus-configuration-utility-psv-2017-1997?cid=wmt_netgear_organic"
},
{
"title": "NETGEARProSAFEPlusConfigurationUtility does not correctly access patches that control vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/92452"
},
{
"title": "NetGear ProSAFE Plus Configuration Utility Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69779"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05116"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000055"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-104"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110340"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000055"
},
{
"db": "NVD",
"id": "CVE-2017-2137"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn08740778/index.html"
},
{
"trust": 1.7,
"url": "https://kb.netgear.com/000038443/security-advisory-for-insecure-soap-access-in-prosafe-plus-configuration-utility-psv-2017-1997"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2137"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2137"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn08740778/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05116"
},
{
"db": "VULHUB",
"id": "VHN-110340"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000055"
},
{
"db": "NVD",
"id": "CVE-2017-2137"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-104"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-05116"
},
{
"db": "VULHUB",
"id": "VHN-110340"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000055"
},
{
"db": "NVD",
"id": "CVE-2017-2137"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-104"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05116"
},
{
"date": "2017-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-110340"
},
{
"date": "2017-04-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000055"
},
{
"date": "2017-04-28T16:59:01.637000",
"db": "NVD",
"id": "CVE-2017-2137"
},
{
"date": "2017-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-104"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05116"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-110340"
},
{
"date": "2017-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000055"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-2137"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-104"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-104"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NETGEAR ProSAFE Plus Configuration Utility vulnerable to improper access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000055"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-104"
}
],
"trust": 0.6
}
}
JVNDB-2017-000055
Vulnerability from jvndb - Published: 2017-04-18 13:42 - Updated: 2017-06-01 15:24

| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000055.html",
"dc:date": "2017-06-01T15:24+09:00",
"dcterms:issued": "2017-04-18T13:42+09:00",
"dcterms:modified": "2017-06-01T15:24+09:00",
"description": "ProSAFE Plus Configuration Utility provided by NETGEAR is a Windows application to configure and manage NETGEAR\u0027s ProSAFE Plus and Click Switches. An operator uses the utility to login and configure NETGEAR switches.\r\nWhen the utility is invoked, it starts listening on a certain port for SOAP requests. The utility executes configuration tasks for switches according to the SOAP requests.\r\nThe utility accepts connections from network, hence unintended operation may be conducted on the switches through the utility (CWE-284).\r\n\r\nTakayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000055.html",
"sec:cpe": {
"#text": "cpe:/o:netgear:prosafe_plus_configuration_utility",
"@product": "ProSAFE Plus Configuration Utility",
"@vendor": "NETGEAR",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.9",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "3.4",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000055",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN08740778/index.html",
"@id": "JVN#08740778",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2137",
"@id": "CVE-2017-2137",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2137",
"@id": "CVE-2017-2137",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "NETGEAR ProSAFE Plus Configuration Utility vulnerable to improper access control"
}