Vulnerability-Lookup

CVE-2017-13129 (GCVE-0-2017-13129)

Vulnerability from cvelistv5 – Published: 2017-09-26 14:00 – Updated: 2024-08-05 18:58

Summary

Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.

Severity

8.0 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

2 references

URL	Tags
http://seclists.org/fulldisclosure/2017/Sep/38	mailing-listx_refsource_FULLDISC
http://seclists.org/bugtraq/2017/Sep/19	mailing-listx_refsource_BUGTRAQ

Date Public

2017-09-17 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:58:12.416Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20170917 ZKTime_Web Software 2.0 - Cross Site Request Forgery",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Sep/38"
          },
          {
            "name": "20170918 ZKTime_Web Software 2.0 - Cross Site Request Forgery",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2017/Sep/19"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-09-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-26T13:57:02.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20170917 ZKTime_Web Software 2.0 - Cross Site Request Forgery",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Sep/38"
        },
        {
          "name": "20170918 ZKTime_Web Software 2.0 - Cross Site Request Forgery",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2017/Sep/19"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-13129",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20170917 ZKTime_Web Software 2.0 - Cross Site Request Forgery",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2017/Sep/38"
            },
            {
              "name": "20170918 ZKTime_Web Software 2.0 - Cross Site Request Forgery",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2017/Sep/19"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-13129",
    "datePublished": "2017-09-26T14:00:00.000Z",
    "dateReserved": "2017-08-22T00:00:00.000Z",
    "dateUpdated": "2024-08-05T18:58:12.416Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-13129",
      "date": "2026-06-04",
      "epss": "0.00156",
      "percentile": "0.36132"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-13129\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-09-26T14:29:00.453\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la versi\u00f3n 2.0.1.12280 de ZKTeco ZKTime Web permite que los usuarios autenticados remotos secuestren la autenticaci\u00f3n de los administradores para peticiones que a\u00f1adan administradores aprovechando la falta de tokens anti-CSRF.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:P/A:P\",\"baseScore\":6.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.8,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zkteco:zktime_web:2.0.1.12280:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48A66D7A-0989-48D3-A4C7-FF847300A6AB\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/bugtraq/2017/Sep/19\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2017/Sep/38\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/bugtraq/2017/Sep/19\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2017/Sep/38\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2017-34840

Vulnerability from cnvd - Published: 2017-11-22

Title

ZKTeco ZKTime Web跨站请求伪造漏洞

Description

ZKTime Web是一款基于Web的考勤软件，通过GPRS/WAN为设备提供了稳定的通信，因此用户可以通过Web浏览器在任何地方访问软件，可在复杂的网络条件下远程管理数百个T＆A终端（WLAN）。 ZKTeco ZKTime Web存在跨站请求伪造漏洞，攻击者可劫持管理员的添加管理员请求的认证。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新：https://www.zkteco.com/product/ZKTime_Web_2.0_435.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-13129 http://seclists.org/fulldisclosure/2017/Sep/38

Impacted products

Name
ZKTeco ZKTime Web 2.0.1.12280

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-13129"
    }
  },
  "description": "ZKTime Web\u662f\u4e00\u6b3e\u57fa\u4e8eWeb\u7684\u8003\u52e4\u8f6f\u4ef6\uff0c\u901a\u8fc7GPRS/WAN\u4e3a\u8bbe\u5907\u63d0\u4f9b\u4e86\u7a33\u5b9a\u7684\u901a\u4fe1\uff0c\u56e0\u6b64\u7528\u6237\u53ef\u4ee5\u901a\u8fc7Web\u6d4f\u89c8\u5668\u5728\u4efb\u4f55\u5730\u65b9\u8bbf\u95ee\u8f6f\u4ef6\uff0c\u53ef\u5728\u590d\u6742\u7684\u7f51\u7edc\u6761\u4ef6\u4e0b\u8fdc\u7a0b\u7ba1\u7406\u6570\u767e\u4e2aT\uff06A\u7ec8\u7aef\uff08WLAN\uff09\u3002\r\n\r\nZKTeco ZKTime Web\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u52ab\u6301\u7ba1\u7406\u5458\u7684\u6dfb\u52a0\u7ba1\u7406\u5458\u8bf7\u6c42\u7684\u8ba4\u8bc1\u3002",
  "discovererName": "unknow",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1ahttps://www.zkteco.com/product/ZKTime_Web_2.0_435.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-34840",
  "openTime": "2017-11-22",
  "products": {
    "product": "ZKTeco ZKTime Web 2.0.1.12280"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-13129\r\nhttp://seclists.org/fulldisclosure/2017/Sep/38",
  "serverity": "\u4e2d",
  "submitTime": "2017-09-27",
  "title": "ZKTeco ZKTime Web\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

FKIE_CVE-2017-13129

Vulnerability from fkie_nvd - Published: 2017-09-26 14:29 - Updated: 2026-05-13 00:24

Severity

8.0 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://seclists.org/bugtraq/2017/Sep/19	Mailing List, Third Party Advisory
cve@mitre.org	http://seclists.org/fulldisclosure/2017/Sep/38	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/bugtraq/2017/Sep/19	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2017/Sep/38	Mailing List, Third Party Advisory

Impacted products

	Vendor	Product	Version
	zkteco	zktime_web	2.0.1.12280

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zkteco:zktime_web:2.0.1.12280:*:*:*:*:*:*:*",
              "matchCriteriaId": "48A66D7A-0989-48D3-A4C7-FF847300A6AB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la versi\u00f3n 2.0.1.12280 de ZKTeco ZKTime Web permite que los usuarios autenticados remotos secuestren la autenticaci\u00f3n de los administradores para peticiones que a\u00f1adan administradores aprovechando la falta de tokens anti-CSRF."
    }
  ],
  "id": "CVE-2017-13129",
  "lastModified": "2026-05-13T00:24:29.033",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-26T14:29:00.453",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/bugtraq/2017/Sep/19"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Sep/38"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/bugtraq/2017/Sep/19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2017/Sep/38"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2CWJ-97VW-WC3W

Vulnerability from github – Published: 2022-05-17 00:35 – Updated: 2022-05-17 00:35

Details

Severity

8.0 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-13129"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-26T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.",
  "id": "GHSA-2cwj-97vw-wc3w",
  "modified": "2022-05-17T00:35:41Z",
  "published": "2022-05-17T00:35:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13129"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/bugtraq/2017/Sep/19"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2017/Sep/38"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-13129

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-13129

Aliases

CVE-2017-13129

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-13129",
    "description": "Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.",
    "id": "GSD-2017-13129",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2017-13129"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-13129"
      ],
      "details": "Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.",
      "id": "GSD-2017-13129",
      "modified": "2023-12-13T01:21:01.704112Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-13129",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20170917 ZKTime_Web Software 2.0 - Cross Site Request Forgery",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2017/Sep/38"
          },
          {
            "name": "20170918 ZKTime_Web Software 2.0 - Cross Site Request Forgery",
            "refsource": "BUGTRAQ",
            "url": "http://seclists.org/bugtraq/2017/Sep/19"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:zkteco:zktime_web:2.0.1.12280:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-13129"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20170917 ZKTime_Web Software 2.0 - Cross Site Request Forgery",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Sep/38"
            },
            {
              "name": "20170918 ZKTime_Web Software 2.0 - Cross Site Request Forgery",
              "refsource": "BUGTRAQ",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/bugtraq/2017/Sep/19"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.1,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-10-03T16:58Z",
      "publishedDate": "2017-09-26T14:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-13129 (GCVE-0-2017-13129)

CNVD-2017-34840

FKIE_CVE-2017-13129

GHSA-2CWJ-97VW-WC3W

GSD-2017-13129

Tags

Sightings

Nomenclature