var-201702-0681
Vulnerability from variot
An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal. Belden Hirschmann GECKO Lite Managed Switch is a switch product from Belden Corporation of the United States. An information disclosure vulnerability exists in Belden Hirschmann GECKO Lite Managed Switch 2.0.00 and earlier. An attacker could exploit this vulnerability to obtain sensitive information, here the password hashes stored in the configuration file. This may result in further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0681",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gecko lite managed switch",
"scope": "lte",
"trust": 1.0,
"vendor": "belden hirschmann",
"version": "2.0.00"
},
{
"model": "gecko lite managed switch",
"scope": null,
"trust": 0.8,
"vendor": "belden",
"version": null
},
{
"model": "gecko lite managed switch",
"scope": "lte",
"trust": 0.8,
"vendor": "belden",
"version": "2.0.00"
},
{
"model": "hirschmann gecko lite managed switch",
"scope": "lte",
"trust": 0.6,
"vendor": "belden",
"version": "\u003c=2.0.00"
},
{
"model": "gecko lite managed switch",
"scope": "eq",
"trust": 0.6,
"vendor": "belden hirschmann",
"version": "2.0.00"
},
{
"model": "hirschmann gecko lite managed switch",
"scope": "eq",
"trust": 0.3,
"vendor": "belden",
"version": "2.0"
},
{
"model": "hirschmann gecko lite managed switch",
"scope": "ne",
"trust": 0.3,
"vendor": "belden",
"version": "2.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "gecko lite managed switch",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a34ae3a0-f5e1-4cf5-8d14-5eb39e89375f"
},
{
"db": "CNVD",
"id": "CNVD-2017-01671"
},
{
"db": "BID",
"id": "95815"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001953"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-269"
},
{
"db": "NVD",
"id": "CVE-2017-5163"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:belden:gecko_lite_managed_switch",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:belden:gecko_lite_managed_switch_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001953"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Davy Douhine of RandoriSec identified this vulnerability.",
"sources": [
{
"db": "BID",
"id": "95815"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-269"
}
],
"trust": 0.9
},
"cve": "CVE-2017-5163",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-5163",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-01671",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "a34ae3a0-f5e1-4cf5-8d14-5eb39e89375f",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-113366",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2017-5163",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5163",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-5163",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-01671",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-269",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a34ae3a0-f5e1-4cf5-8d14-5eb39e89375f",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-113366",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a34ae3a0-f5e1-4cf5-8d14-5eb39e89375f"
},
{
"db": "CNVD",
"id": "CNVD-2017-01671"
},
{
"db": "VULHUB",
"id": "VHN-113366"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001953"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-269"
},
{
"db": "NVD",
"id": "CVE-2017-5163"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal. Belden Hirschmann GECKO Lite Managed Switch is a switch product from Belden Corporation of the United States. An information disclosure vulnerability exists in Belden Hirschmann GECKO Lite Managed Switch 2.0.00 and earlier. An attacker could exploit this vulnerability to obtain sensitive information. This may result in further attacks.",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5163"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001953"
},
{
"db": "CNVD",
"id": "CNVD-2017-01671"
},
{
"db": "BID",
"id": "95815"
},
{
"db": "IVD",
"id": "a34ae3a0-f5e1-4cf5-8d14-5eb39e89375f"
},
{
"db": "VULHUB",
"id": "VHN-113366"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5163",
"trust": 3.6
},
{
"db": "BID",
"id": "95815",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-026-02",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201702-269",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-01671",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-026-02A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001953",
"trust": 0.8
},
{
"db": "IVD",
"id": "A34AE3A0-F5E1-4CF5-8D14-5EB39E89375F",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-113366",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a34ae3a0-f5e1-4cf5-8d14-5eb39e89375f"
},
{
"db": "CNVD",
"id": "CNVD-2017-01671"
},
{
"db": "VULHUB",
"id": "VHN-113366"
},
{
"db": "BID",
"id": "95815"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001953"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-269"
},
{
"db": "NVD",
"id": "CVE-2017-5163"
}
]
},
"id": "VAR-201702-0681",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a34ae3a0-f5e1-4cf5-8d14-5eb39e89375f"
},
{
"db": "CNVD",
"id": "CNVD-2017-01671"
},
{
"db": "VULHUB",
"id": "VHN-113366"
}
],
"trust": 1.5176470499999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a34ae3a0-f5e1-4cf5-8d14-5eb39e89375f"
},
{
"db": "CNVD",
"id": "CNVD-2017-01671"
}
]
},
"last_update_date": "2024-11-23T22:22:36.886000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Lite Managed Industrial Switch - GECKO 4TX",
"trust": 0.8,
"url": "http://www.hirschmann.com/en/Hirschmann_Produkte/Industrial_Ethernet/GECKO_4TX/index.phtml"
},
{
"title": "BeldenHirschmannGECKOLiteManagedSwitch Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/89569"
},
{
"title": "Belden Hirschmann GECKO Lite Managed Switch Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67554"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01671"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001953"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-269"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113366"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001953"
},
{
"db": "NVD",
"id": "CVE-2017-5163"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/95815"
},
{
"trust": 1.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-026-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5163"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-026-02a"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5163"
},
{
"trust": 0.3,
"url": "https://www.belden.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-026-02 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01671"
},
{
"db": "VULHUB",
"id": "VHN-113366"
},
{
"db": "BID",
"id": "95815"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001953"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-269"
},
{
"db": "NVD",
"id": "CVE-2017-5163"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a34ae3a0-f5e1-4cf5-8d14-5eb39e89375f"
},
{
"db": "CNVD",
"id": "CNVD-2017-01671"
},
{
"db": "VULHUB",
"id": "VHN-113366"
},
{
"db": "BID",
"id": "95815"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001953"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-269"
},
{
"db": "NVD",
"id": "CVE-2017-5163"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-21T00:00:00",
"db": "IVD",
"id": "a34ae3a0-f5e1-4cf5-8d14-5eb39e89375f"
},
{
"date": "2017-02-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01671"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-113366"
},
{
"date": "2017-01-26T00:00:00",
"db": "BID",
"id": "95815"
},
{
"date": "2017-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001953"
},
{
"date": "2017-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-269"
},
{
"date": "2017-02-13T21:59:02.877000",
"db": "NVD",
"id": "CVE-2017-5163"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01671"
},
{
"date": "2017-03-03T00:00:00",
"db": "VULHUB",
"id": "VHN-113366"
},
{
"date": "2017-02-02T02:02:00",
"db": "BID",
"id": "95815"
},
{
"date": "2017-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001953"
},
{
"date": "2017-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-269"
},
{
"date": "2024-11-21T03:27:10.950000",
"db": "NVD",
"id": "CVE-2017-5163"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-269"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belden Hirschmann GECKO Lite Managed Switch Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "a34ae3a0-f5e1-4cf5-8d14-5eb39e89375f"
},
{
"db": "CNVD",
"id": "CNVD-2017-01671"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-269"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "a34ae3a0-f5e1-4cf5-8d14-5eb39e89375f"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-269"
}
],
"trust": 0.8
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.