fkie_nvd - fkie_cve-2017-12822

fkie_cve-2017-12822

Vulnerability from fkie_nvd

Published

2017-10-04 01:29

Modified

2025-04-20 01:37

Severity ?

9.9 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Summary

Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors.

References

URL	Tags
vulnerability@kaspersky.com	http://www.securityfocus.com/bid/102906
vulnerability@kaspersky.com	https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf
vulnerability@kaspersky.com	https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-008-sentinel-ldk-rte-remote-enabling-and-disabling-admin-interface/	Third Party Advisory
vulnerability@kaspersky.com	https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102906
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-008-sentinel-ldk-rte-remote-enabling-and-disabling-admin-interface/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01

Impacted products

	Vendor	Product	Version
	sentinel	sentinel_ldk_rte_firmware	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sentinel:sentinel_ldk_rte_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCEE1CD0-CB56-4117-A1CA-FAD2F6E5DDF7",
              "versionEndIncluding": "7.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Remote enabling and disabling admin interface in Gemalto\u0027s HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors."
    },
    {
      "lang": "es",
      "value": "La habilitaci\u00f3n y deshabilitaci\u00f3n remota de la interfaz de administraci\u00f3n en los productos HASP SRM, Sentinel HASP y Sentinel LDK de Gemalto anteriores a la versi\u00f3n 7.55 de Sentinel LDK RTE podr\u00eda permitir que se originen nuevos vectores de ataque."
    }
  ],
  "id": "CVE-2017-12822",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 9.9,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.3,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-04T01:29:02.277",
  "references": [
    {
      "source": "vulnerability@kaspersky.com",
      "url": "http://www.securityfocus.com/bid/102906"
    },
    {
      "source": "vulnerability@kaspersky.com",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
    },
    {
      "source": "vulnerability@kaspersky.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-008-sentinel-ldk-rte-remote-enabling-and-disabling-admin-interface/"
    },
    {
      "source": "vulnerability@kaspersky.com",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/102906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2017/10/02/klcert-17-008-sentinel-ldk-rte-remote-enabling-and-disabling-admin-interface/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01"
    }
  ],
  "sourceIdentifier": "vulnerability@kaspersky.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2017-12822 (GCVE-0-2017-12822)

Vulnerability from cvelistv5

Published

2017-10-03 13:00