CVE-2017-12094

{"id": "CVE-2017-12094", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.1, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.8}]}, "published": "2017-11-07T16:29:00.327", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0446", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to setup an access point reachable by the device to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad explotable en el an\u00e1lisis sint\u00e1ctico de WiFi Channel de Circle with Disney con firmware 2.0.1. Un SSID especialmente manipulado puede provocar que el dispositivo ejecute comandos sed arbitrarios. Un atacante necesita configurar un punto de acceso alcanzable por el dispositivo para desencadenar esta vulnerabilidad."}], "lastModified": "2022-04-19T19:15:13.463", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:meetcircle:circle_with_disney_firmware:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "287E642C-D156-4E0E-B8F7-2EFEEDC77E99"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:meetcircle:circle_with_disney:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9661BDE9-416C-40BF-B65C-E9979F511FF6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "talos-cna@cisco.com"}