CVE-2017-2914

Exploit

EPSS 0.54%
Veröffentlicht 07.11.2017 16:29:01
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle talos-cna@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs network connectivity to the device to trigger this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Meetcircle ≫ Circle With Disney Firmware Version2.0.1

Meetcircle ≫ Circle With Disney Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.54%	0.671

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
talos-cna@cisco.com	9	2.2	6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0421

Third Party Advisory

Exploit

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2017-2914

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-2914

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-2914

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-2914