var-201702-0686
Vulnerability from variot
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions and obtain sensitive information. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0686",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "hanwha security",
"version": "1.5"
},
{
"model": "smart security manager",
"scope": "lte",
"trust": 0.8,
"vendor": "hanwha techwin",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "lte",
"trust": 0.6,
"vendor": "hanwha",
"version": "\u003c=1.5"
},
{
"model": "smart security manager",
"scope": "eq",
"trust": 0.6,
"vendor": "hanwha techwin",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.4"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.31"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "smart security manager",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hanwha_techwin:smart_security_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley of Source Incite.",
"sources": [
{
"db": "BID",
"id": "96147"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5168",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CVE-2017-5168",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-01645",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2017-5168",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5168",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-5168",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-5168",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-01645",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-461",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. \nExploiting these issues may allow a remote attacker to perform certain unauthorized actions and obtain sensitive information. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5168",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-040-01",
"trust": 2.7
},
{
"db": "BID",
"id": "96147",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-01645",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710",
"trust": 0.8
},
{
"db": "IVD",
"id": "13E5304E-4192-41E8-9E8E-2B72B96F950E",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
}
]
},
"id": "VAR-201702-0686",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
}
]
},
"last_update_date": "2024-11-23T22:07:38.732000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSM(Smart Security Manager)",
"trust": 0.8,
"url": "http://www.hanwha-security.com/prod/info.do?menuCd=MN000185\u0026catg1=MC000087\u0026catg2=MC000089\u0026catg3=\u0026mdlCd=MC000825"
},
{
"title": "Hanwha Techwin Smart Security Manager privilege escalation vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/89536"
},
{
"title": "Hanwha Techwin Smart Security Manager ActiveMQ Broker Repair of service path traversal vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67752"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-040-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/96147"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5168"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5168"
},
{
"trust": 0.3,
"url": "http://www.hanwha-security.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"date": "2017-02-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"date": "2017-02-09T00:00:00",
"db": "BID",
"id": "96147"
},
{
"date": "2017-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"date": "2017-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-461"
},
{
"date": "2017-02-13T21:59:03.050000",
"db": "NVD",
"id": "CVE-2017-5168"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"date": "2017-03-07T04:01:00",
"db": "BID",
"id": "96147"
},
{
"date": "2017-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"date": "2021-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-461"
},
{
"date": "2024-11-21T03:27:11.550000",
"db": "NVD",
"id": "CVE-2017-5168"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smart Security Manager of ActiveMQ Broker Path traversal vulnerability in services",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…