CVE-2017-16778

EPSS 1.31%
Veröffentlicht 24.12.2019 14:15:11
Zuletzt bearbeitet 21.11.2024 03:16:57
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An access control weakness in the DTMF tone receiver of Fermax Outdoor Panel allows physical attackers to inject a Dual-Tone-Multi-Frequency (DTMF) tone to invoke an access grant that would allow physical access to a restricted floor/level. By design, only a residential unit owner may allow such an access grant. However, due to incorrect access control, an attacker could inject it via the speaker unit to perform an access grant to gain unauthorized access, as demonstrated by a loud DTMF tone representing '1' and a long '#' (697 Hz and 1209 Hz, followed by 941 Hz and 1477 Hz).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fermax ≫ Outdoor Panel Firmware Version-

Fermax ≫ Outdoor Panel Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.31%	0.779

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	0.9	3.6	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:P/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://github.com/breaktoprotect/CVE-2017-16778-Intercom-DTMF-Injection

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-16778

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-16778

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-16778

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-16778