Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Eclipse Kura Installer by Eclipse Foundation

    CVE-2017-7649 (GCVE-0-2017-7649)

    Vulnerability from nvd – Published: 2017-09-11 16:00 – Updated: 2024-09-16 17:34
    VLAI
    Summary
    The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox "exec" command. As the process is running as "root" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address.
    Severity
    No CVSS data available.
    CWE
    • privileged remote code execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Eclipse Foundation Eclipse Kura Installer Affected: unspecified , < 2.1.0 (custom)
    Create a notification for this product.
    Date Public
    2017-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:12:27.904Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/eclipse/kura/issues/956"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Eclipse Kura Installer",
              "vendor": "Eclipse Foundation",
              "versions": [
                {
                  "lessThan": "2.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The network enabled distribution of Kura before 2.1.0 takes control over the device\u0027s firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox \"exec\" command. As the process is running as \"root\" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "privileged remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-11T15:57:01.000Z",
            "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
            "shortName": "eclipse"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/eclipse/kura/issues/956"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@eclipse.org",
              "DATE_PUBLIC": "2017-04-04T00:00:00",
              "ID": "CVE-2017-7649",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Eclipse Kura Installer",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Eclipse Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The network enabled distribution of Kura before 2.1.0 takes control over the device\u0027s firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox \"exec\" command. As the process is running as \"root\" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "privileged remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681"
                },
                {
                  "name": "https://github.com/eclipse/kura/issues/956",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/eclipse/kura/issues/956"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "assignerShortName": "eclipse",
        "cveId": "CVE-2017-7649",
        "datePublished": "2017-09-11T16:00:00.000Z",
        "dateReserved": "2017-04-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:34:17.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7649 (GCVE-0-2017-7649)

    Vulnerability from cvelistv5 – Published: 2017-09-11 16:00 – Updated: 2024-09-16 17:34
    VLAI
    Summary
    The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox "exec" command. As the process is running as "root" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address.
    Severity
    No CVSS data available.
    CWE
    • privileged remote code execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Eclipse Foundation Eclipse Kura Installer Affected: unspecified , < 2.1.0 (custom)
    Create a notification for this product.
    Date Public
    2017-04-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:12:27.904Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/eclipse/kura/issues/956"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Eclipse Kura Installer",
              "vendor": "Eclipse Foundation",
              "versions": [
                {
                  "lessThan": "2.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2017-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The network enabled distribution of Kura before 2.1.0 takes control over the device\u0027s firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox \"exec\" command. As the process is running as \"root\" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "privileged remote code execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-11T15:57:01.000Z",
            "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
            "shortName": "eclipse"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/eclipse/kura/issues/956"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@eclipse.org",
              "DATE_PUBLIC": "2017-04-04T00:00:00",
              "ID": "CVE-2017-7649",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Eclipse Kura Installer",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Eclipse Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The network enabled distribution of Kura before 2.1.0 takes control over the device\u0027s firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox \"exec\" command. As the process is running as \"root\" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "privileged remote code execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681"
                },
                {
                  "name": "https://github.com/eclipse/kura/issues/956",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/eclipse/kura/issues/956"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "assignerShortName": "eclipse",
        "cveId": "CVE-2017-7649",
        "datePublished": "2017-09-11T16:00:00.000Z",
        "dateReserved": "2017-04-11T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:34:17.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }