Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for ProSAFE Plus Configuration Utility by NETGEAR

jvndb-2017-000055

Vulnerability from jvndb

Published

2017-04-18 13:42

Modified

2017-06-01 15:24

Severity ?

3.4 (Low) - cvssV3_0 - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Summary

NETGEAR ProSAFE Plus Configuration Utility vulnerable to improper access control

Details

ProSAFE Plus Configuration Utility provided by NETGEAR is a Windows application to configure and manage NETGEAR's ProSAFE Plus and Click Switches. An operator uses the utility to login and configure NETGEAR switches. When the utility is invoked, it starts listening on a certain port for SOAP requests. The utility executes configuration tasks for switches according to the SOAP requests. The utility accepts connections from network, hence unintended operation may be conducted on the switches through the utility (CWE-284). Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN08740778/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2137
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2137
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

NETGEAR

ProSAFE Plus Configuration Utility

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000055.html",
  "dc:date": "2017-06-01T15:24+09:00",
  "dcterms:issued": "2017-04-18T13:42+09:00",
  "dcterms:modified": "2017-06-01T15:24+09:00",
  "description": "ProSAFE Plus Configuration Utility provided by NETGEAR is a Windows application to configure and manage NETGEAR\u0027s ProSAFE Plus and Click Switches. An operator uses the utility to login and configure NETGEAR switches.\r\nWhen the utility is invoked, it starts listening on a certain port for SOAP requests. The utility executes configuration tasks for switches according to the SOAP requests.\r\nThe utility accepts connections from network, hence unintended operation may be conducted on the switches through the utility (CWE-284).\r\n\r\nTakayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000055.html",
  "sec:cpe": {
    "#text": "cpe:/o:netgear:prosafe_plus_configuration_utility",
    "@product": "ProSAFE Plus Configuration Utility",
    "@vendor": "NETGEAR",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "2.9",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "3.4",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000055",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN08740778/index.html",
      "@id": "JVN#08740778",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2137",
      "@id": "CVE-2017-2137",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2137",
      "@id": "CVE-2017-2137",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "NETGEAR ProSAFE Plus Configuration Utility vulnerable to improper access control"
}