CVE-2017-17691

Exploit

EPSS 0.29%
Veröffentlicht 07.09.2018 22:29:00
Zuletzt bearbeitet 21.11.2024 03:18:28
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Contronics ≫ Homeputer Cl Studio Fur Homematic Version < 4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.492

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2017-031_homematic.txt

Third Party Advisory

Exploit

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2017-17691

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-17691

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-17691

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-17691