CVE-2017-7649

EPSS 0.37%
Veröffentlicht 11.09.2017 16:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle emo@eclipse.org
Teams Watchlist Login
Unerledigt Login

The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox "exec" command. As the process is running as "root" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Eclipse ≫ Kura Version <= 2.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.56

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681

Third Party Advisory

https://github.com/eclipse/kura/issues/956

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-7649

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-7649

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-7649

EUVD