10

CVE-2017-14021

A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks.

Data is provided by the National Vulnerability Database (NVD)
KorenixJetnet5018g Firmware Version1.4
   KorenixJetnet 5018g Version-
KorenixJetnet5310g Firmware Version1.4a
   KorenixJetnet 5310g Version-
KorenixJetnet5628g Firmware Version1.4
   KorenixJetnet 5628g Version-
KorenixJetnet5628g-r Firmware Version1.4
   KorenixJetnet 5628g-r Version-
KorenixJetnet5728g-24p Firmware Version1.4
   KorenixJetnet 5728g-24p Version-
KorenixJetnet5828g Firmware Version1.1d
   KorenixJetnet 5828g Version-
KorenixJetnet6710g Firmware Version1.1
   KorenixJetnet 6710g Version-
KorenixJetnet6710g-hvdc Firmware Version11e
   KorenixJetnet 6710g-hvdc Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.08% 0.239
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-321 Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

http://www.securityfocus.com/bid/101598
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01
Third Party Advisory
US Government Resource