CVE-2017-5163
Severity Score
5.9
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal.
Ha sido descubierto un problema en Belden Hirschmann GECKO Lite Managed switch, versión 2.0.00 y versiones anteriores. Después de que un administrador descargue un archivo de configuración, una copia del archivo de configuración, que incluye hashes de contraseñas de usuario, se guarda en una ubicación accesible sin autenticación por salto de ruta.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-01-03 CVE Reserved
- 2017-02-13 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/95815 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02 | 2017-03-03 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Belden Hirschmann Search vendor "Belden Hirschmann" | Gecko Lite Managed Switch Firmware Search vendor "Belden Hirschmann" for product "Gecko Lite Managed Switch Firmware" | <= 2.0.00 Search vendor "Belden Hirschmann" for product "Gecko Lite Managed Switch Firmware" and version " <= 2.0.00" | - |
Affected
| in | Belden Hirschmann Search vendor "Belden Hirschmann" | Gecko Lite Managed Switch Search vendor "Belden Hirschmann" for product "Gecko Lite Managed Switch" | - | - |
Safe
|