CVE-2017-9317 (GCVE-0-2017-9317)
Vulnerability from cvelistv5
Published
2018-05-23 15:00
Modified
2024-09-16 19:36
Severity ?
CWE
  • Privilege escalation
Summary
Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.
References
cybersecurity@dahuatech.comhttps://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337Patch, Vendor Advisory
Impacted products
Vendor Product Version
Dahua Technologies XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX Version: Build before 2017/09
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:02:44.373Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX",
          "vendor": "Dahua Technologies",
          "versions": [
            {
              "status": "affected",
              "version": "Build before 2017/09"
            }
          ]
        }
      ],
      "datePublic": "2018-03-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-23T14:57:01",
        "orgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
        "shortName": "dahua"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@dahuatech.com",
          "DATE_PUBLIC": "2018-03-16T00:00:00",
          "ID": "CVE-2017-9317",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "XVR 5x04, XVR 5x08, XVR 5x16, XVR 7x16, IPC-HDBW4XXX, IPC-HDBW5XXX",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Build before 2017/09"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dahua Technologies"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337",
              "refsource": "CONFIRM",
              "url": "https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79ee569e-7d1e-4364-98f0-3a18e2a739ad",
    "assignerShortName": "dahua",
    "cveId": "CVE-2017-9317",
    "datePublished": "2018-05-23T15:00:00Z",
    "dateReserved": "2017-05-30T00:00:00",
    "dateUpdated": "2024-09-16T19:36:50.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-9317\",\"sourceIdentifier\":\"cybersecurity@dahuatech.com\",\"published\":\"2018-05-23T15:29:00.207\",\"lastModified\":\"2024-11-21T03:35:49.613\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado una vulnerabilidad de escalado de privilegios en algunos dispositivos Dahua IP. Un atacante en posesi\u00f3n de una cuenta con bajos privilegios puede obtener acceso a informaci\u00f3n de credenciales de una cuenta con altos privilegios y obtener informaci\u00f3n sobre el dispositivo o atacarlo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:xvr5x16_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.218.0000002.1.r.171229\",\"matchCriteriaId\":\"59E05D25-E22C-4239-9803-03C060886FA0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:xvr5x16:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2330FA1-AE30-4B9D-981F-932C8FB9920A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:xvr5x08_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.218.0000002.1.r.171229\",\"matchCriteriaId\":\"45D055D5-7BA3-4411-9127-05FCC31D01B2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:xvr5x08:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B79EC839-5AE5-4F77-95D3-7CEB7464E88E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:xvr5x04_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.218.0000002.1.r.171229\",\"matchCriteriaId\":\"63C550AC-0214-42FA-8ACF-8DC86F7FFADC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:xvr5x04:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B81F3251-8E82-42B1-9F30-22DE149A9E30\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:xvr7x16_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.218.0000002.1.r.171229\",\"matchCriteriaId\":\"04FF13D0-D69E-4393-AF26-ADD8F3B5F191\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:xvr7x16:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93F8EAB9-77A2-4BAA-A4A6-D0FE852D1A5C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdbw4xxx_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.622.0000000.18.r.20171110\",\"matchCriteriaId\":\"0F9CD479-B6BB-402F-BFBB-FC0B647A2A03\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hdbw4xxx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5855375E-7076-4673-ABD6-68D52AC6E3AE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdbw4xxx_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.621.0000.28.r.20170912\",\"matchCriteriaId\":\"68159A96-4C1A-4606-AA79-5F8D7C827EF6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hdbw4xxx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5855375E-7076-4673-ABD6-68D52AC6E3AE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdbw5xxx_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.622.0000000.18.r.20171110\",\"matchCriteriaId\":\"C99060D8-BEB4-467E-B848-6933E562230D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hdbw5xxx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6A4F9A7-6E9E-4081-8028-3AF07BC3984C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dahuasecurity:ipc-hdbw5xxx_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.621.0000.28.r.20170912\",\"matchCriteriaId\":\"159BC39A-E64C-46D6-85EB-4FA142DD45C8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dahuasecurity:ipc-hdbw5xxx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6A4F9A7-6E9E-4081-8028-3AF07BC3984C\"}]}]}],\"references\":[{\"url\":\"https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337\",\"source\":\"cybersecurity@dahuatech.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.dahuasecurity.com/support/cybersecurity/annoucementNotice/337\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.