Vulnerability-Lookup

CNVD-2018-00621

Vulnerability from cnvd - Published: 2018-01-10

Title

AMAG Symmetry Door Edge Network Controllers命令执行漏洞

Description

AMAG Symmetry Door Edge Network Controllers是美国的AMAG科技公司的一款对称边缘门禁控制器产品。 AMAG Symmetry Door Edge Network Controllers中存在安全漏洞，该漏洞源于不正确的访问控制。远程攻击者可通过向受影响设备发送请求利用该漏洞执行命令（例如：开锁，锁门或添加ID卡值）。

Severity

中

Patch Name

AMAG Symmetry Door Edge Network Controllers命令执行漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.secureworks.com/research/advisory-2017-001

Reference

https://cxsecurity.com/cveshow/CVE-2017-16241/

Impacted products

Name
AMAG Symmetry Door Edge Network Controllers

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-16241",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16241"
    }
  },
  "description": "AMAG Symmetry Door Edge Network Controllers\u662f\u7f8e\u56fd\u7684AMAG\u79d1\u6280\u516c\u53f8\u7684\u4e00\u6b3e\u5bf9\u79f0\u8fb9\u7f18\u95e8\u7981\u63a7\u5236\u5668\u4ea7\u54c1\u3002\r\n\r\nAMAG Symmetry Door Edge Network Controllers\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4e0d\u6b63\u786e\u7684\u8bbf\u95ee\u63a7\u5236\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u8bbe\u5907\u53d1\u9001\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u547d\u4ee4\uff08\u4f8b\u5982\uff1a\u5f00\u9501\uff0c\u9501\u95e8\u6216\u6dfb\u52a0ID\u5361\u503c\uff09\u3002",
  "discovererName": "Mike Kelly and John Mocuta of Secureworks",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.secureworks.com/research/advisory-2017-001",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-00621",
  "openTime": "2018-01-10",
  "patchDescription": "AMAG Symmetry Door Edge Network Controllers\u662f\u7f8e\u56fd\u7684AMAG\u79d1\u6280\u516c\u53f8\u7684\u4e00\u6b3e\u5bf9\u79f0\u8fb9\u7f18\u95e8\u7981\u63a7\u5236\u5668\u4ea7\u54c1\u3002\r\n\r\nAMAG Symmetry Door Edge Network Controllers\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4e0d\u6b63\u786e\u7684\u8bbf\u95ee\u63a7\u5236\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u8bbe\u5907\u53d1\u9001\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u547d\u4ee4\uff08\u4f8b\u5982\uff1a\u5f00\u9501\uff0c\u9501\u95e8\u6216\u6dfb\u52a0ID\u5361\u503c\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "AMAG Symmetry Door Edge Network Controllers\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "AMAG Symmetry Door Edge Network Controllers"
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2017-16241/",
  "serverity": "\u4e2d",
  "submitTime": "2017-12-11",
  "title": "AMAG Symmetry Door Edge Network Controllers\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}

CVE-2017-16241 (GCVE-0-2017-16241)

Vulnerability from cvelistv5 – Published: 2017-12-10 01:00 – Updated: 2024-08-05 20:20

Summary

Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://hushcon.com/schedule.html	x_refsource_MISC
	https://www.secureworks.com/research/advisory-2017-001	x_refsource_MISC
	https://github.com/lixmk/Concierge	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:20:04.843Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hushcon.com/schedule.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.secureworks.com/research/advisory-2017-001"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/lixmk/Concierge"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hushcon.com/schedule.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.secureworks.com/research/advisory-2017-001"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/lixmk/Concierge"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16241",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://hushcon.com/schedule.html",
              "refsource": "MISC",
              "url": "https://hushcon.com/schedule.html"
            },
            {
              "name": "https://www.secureworks.com/research/advisory-2017-001",
              "refsource": "MISC",
              "url": "https://www.secureworks.com/research/advisory-2017-001"
            },
            {
              "name": "https://github.com/lixmk/Concierge",
              "refsource": "MISC",
              "url": "https://github.com/lixmk/Concierge"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16241",
    "datePublished": "2017-12-10T01:00:00",
    "dateReserved": "2017-10-31T00:00:00",
    "dateUpdated": "2024-08-05T20:20:04.843Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-00621

CVE-2017-16241 (GCVE-0-2017-16241)

Tags

Sightings

Nomenclature