FKIE_CVE-2017-17743

Vulnerability from fkie_nvd - Published: 2018-03-22 05:29 - Updated: 2024-11-21 03:18
Severity ?
6.7 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account.
References
cve@mitre.orghttps://securite.intrinsec.com/2018/03/19/cve-2017-17743-ucopia-shell-escape/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://securite.intrinsec.com/2018/03/19/cve-2017-17743-ucopia-shell-escape/Exploit, Third Party Advisory
Impacted products
Vendor Product Version
ucopia wireless_appliance_firmware *
ucopia wireless_appliance_firmware *
ucopia wireless_appliance_firmware *
ucopia wireless_appliance -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ucopia:wireless_appliance_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64DF4E1D-4B7A-4A05-A61E-D43B63EFCC07",
              "versionEndExcluding": "4.4.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ucopia:wireless_appliance_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BC12478-521A-40FF-A634-9C48C4FD0613",
              "versionEndExcluding": "5.0.19",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ucopia:wireless_appliance_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6231AD45-84FE-4975-9725-4F8F2A36D021",
              "versionEndExcluding": "5.1.11",
              "versionStartIncluding": "5.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ucopia:wireless_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1C8FCD-6DE1-4356-B646-8A790A4B6DB2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account."
    },
    {
      "lang": "es",
      "value": "Saneamiento de entradas indebido en el shell de administraci\u00f3n restringido en dispositivos UCOPIA Wireless Appliance en versiones anteriores a la 4.4.20, versiones 5.0.x anteriores a la 5.0.19 y versiones 5.1.x anteriores a la 5.1.11 permite que atacantes remotos escapen el shell y escalen sus privilegios mediante la subida de un archivo .bashrc que contenga la cadena /bin/sh. En algunas situaciones, la autenticaci\u00f3n puede lograrse mediante la contrase\u00f1a por defecto bhu85tgb para la cuenta de administrador."
    }
  ],
  "id": "CVE-2017-17743",
  "lastModified": "2024-11-21T03:18:34.227",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-22T05:29:00.237",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://securite.intrinsec.com/2018/03/19/cve-2017-17743-ucopia-shell-escape/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://securite.intrinsec.com/2018/03/19/cve-2017-17743-ucopia-shell-escape/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.