VAR-201910-1479
Vulnerability from variot - Updated: 2024-11-23 21:36Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors. AVM Fritz!Box 7490 Contains an information disclosure vulnerability.Information may be obtained. Deutsche Telekom CERT Advisory [DTC-A-20170323-001]
Summary: Information leakage found in FRITZ!OS 6.83 & 6.80 (AVM DSL Router Fritz!Box 7490)
Recommendation: Update to the newest Version of FRITZ!OS
Details: a) application b) problem c) CVSS d) detailed description e) credits
a) FRITZ!OS 6.83 & 6.80 (AVM DSL Router Fritz!Box 7490)
b) Memory leakage within the PPPoE/PPP padding
c) 4.7 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/RL:U
d)
Multiple DSL access router (aka Homegateway / CPE) handle PPPoE frame padding incorrectly.
This seems to be similar to http://www.securiteam.com/securitynews/5BP01208UO.html.
AVM DSL Router Fritz!Box 7490 (tested with FRITZ!OS 6.83 & 6.80) sends portion of memory within PPPoE Discovery protocol PADT frames because arbitrary memory is used in the padding to reach the minimum Ethernet frame length.
Further research shows that \x93short\x94 PPP LCP frames are also padded with random memory.
e) Christian Kagerhuber
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "fritz\\!os",
"scope": "eq",
"trust": 1.0,
"vendor": "avm",
"version": "6.83"
},
{
"_id": null,
"model": "fritz\\!os",
"scope": "eq",
"trust": 1.0,
"vendor": "avm",
"version": "6.80"
},
{
"_id": null,
"model": "fritz!box",
"scope": "eq",
"trust": 0.8,
"vendor": "avm",
"version": "6.80"
},
{
"_id": null,
"model": "fritz!box",
"scope": "eq",
"trust": 0.8,
"vendor": "avm",
"version": "6.83"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014771"
},
{
"db": "NVD",
"id": "CVE-2017-8087"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:avm:fritz%21_os",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014771"
}
]
},
"credits": {
"_id": null,
"data": "Christian Kagerhuber",
"sources": [
{
"db": "PACKETSTORM",
"id": "153662"
}
],
"trust": 0.1
},
"cve": "CVE-2017-8087",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2017-8087",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 0.9,
"id": "CVE-2017-8087",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.4,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-8087",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-8087",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2017-8087",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-1165",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014771"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1165"
},
{
"db": "NVD",
"id": "CVE-2017-8087"
}
]
},
"description": {
"_id": null,
"data": "Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors. AVM Fritz!Box 7490 Contains an information disclosure vulnerability.Information may be obtained. Deutsche Telekom CERT Advisory [DTC-A-20170323-001]\n\nSummary:\nInformation leakage found in FRITZ!OS 6.83 \u0026 6.80 (AVM DSL Router Fritz!Box 7490)\n\nRecommendation:\nUpdate to the newest Version of FRITZ!OS\n\nDetails:\na) application\nb) problem\nc) CVSS\nd) detailed description\ne) credits\n\n------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------\n\na) FRITZ!OS 6.83 \u0026 6.80 (AVM DSL Router Fritz!Box 7490)\n\nb) Memory leakage within the PPPoE/PPP padding \n\nc) 4.7 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/RL:U\n\nd) \nMultiple DSL access router (aka Homegateway / CPE) handle PPPoE frame padding incorrectly. \nThis seems to be similar to http://www.securiteam.com/securitynews/5BP01208UO.html. \n\nAVM DSL Router Fritz!Box 7490 (tested with FRITZ!OS 6.83 \u0026 6.80) sends portion of memory within PPPoE Discovery protocol PADT frames because arbitrary memory is used in the padding to reach the minimum Ethernet frame length. \n\nFurther research shows that \\x93short\\x94 PPP LCP frames are also padded with random memory. \n\ne) Christian Kagerhuber \n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8087"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014771"
},
{
"db": "PACKETSTORM",
"id": "153662"
}
],
"trust": 1.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2017-8087",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014771",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1165",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "153662",
"trust": 0.1
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014771"
},
{
"db": "PACKETSTORM",
"id": "153662"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1165"
},
{
"db": "NVD",
"id": "CVE-2017-8087"
}
]
},
"id": "VAR-201910-1479",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.4861111
},
"last_update_date": "2024-11-23T21:36:34.170000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://en.avm.de/"
},
{
"title": "AVM Fritz!Box 7490 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100716"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014771"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1165"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014771"
},
{
"db": "NVD",
"id": "CVE-2017-8087"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "http://seclists.org/fulldisclosure/2019/oct/36"
},
{
"trust": 1.6,
"url": "http://fritzbox.com"
},
{
"trust": 1.6,
"url": "http://avm.com"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8087"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8087"
},
{
"trust": 0.1,
"url": "http://www.securiteam.com/securitynews/5bp01208uo.html."
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014771"
},
{
"db": "PACKETSTORM",
"id": "153662"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1165"
},
{
"db": "NVD",
"id": "CVE-2017-8087"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014771",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "153662",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1165",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2017-8087",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014771",
"ident": null
},
{
"date": "2019-07-16T19:32:22",
"db": "PACKETSTORM",
"id": "153662",
"ident": null
},
{
"date": "2017-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1165",
"ident": null
},
{
"date": "2019-10-22T16:15:10.283000",
"db": "NVD",
"id": "CVE-2017-8087",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014771",
"ident": null
},
{
"date": "2019-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1165",
"ident": null
},
{
"date": "2024-11-21T03:33:18.840000",
"db": "NVD",
"id": "CVE-2017-8087",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "AVM Fritz!Box 7490 Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014771"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1165"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…