CVE-2017-9388

{"id": "CVE-2017-9388", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-06-17T17:15:10.537", "references": [{"url": "http://packetstormsecurity.com/files/153242/Veralite-Veraedge-Router-XSS-Command-Injection-CSRF-Traversal.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Vera_sec_issues.pdf", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://seclists.org/bugtraq/2019/Jun/8", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device firmware file contains a file known as proxy.sh which allows the device to proxy a specific request to and from from another website. This is primarily used as a method of communication between the device and Vera website when the user is logged in to the https://home.getvera.com and allows the device to communicate between the device and website. One of the parameters retrieved by this specific script is \"url\". This parameter is not sanitized by the script correctly and is passed in a call to \"eval\" to execute \"curl\" functionality. This allows an attacker to escape from the executed command and then execute any commands of his/her choice."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en los dispositivos Vera VeraEdge 1.7.19 y Veralite 1.7.481. El dispositivo proporciona una interfaz de usuario web que permite a un usuario administrar el dispositivo. Como parte de la funcionalidad, el archivo de firmware del dispositivo contiene un archivo conocido como proxy.sh que le permite al dispositivo enviar una solicitud espec\u00edfica hacia y desde otro sitio web. Esto se usa principalmente como un m\u00e9todo de comunicaci\u00f3n entre el dispositivo y el sitio web de Vera cuando el usuario ha iniciado sesi\u00f3n en https://home.getvera.com y permite que el dispositivo se comunique entre el dispositivo y el sitio web. Uno de los par\u00e1metros recuperados por este script espec\u00edfico es \"url\". Este par\u00e1metro no est\u00e1 correctamente saneado por el script y se pasa en una llamada a \"eval\" para ejecutar la funcionalidad \"curl\". Esto permite a un atacante escapar del comando ejecutado y luego ejecutar cualquier comando de su elecci\u00f3n."}], "lastModified": "2019-06-20T14:51:06.173", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:getvera:veraedge_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49C1D79D-A586-4D41-A10C-1815E6E0D765", "versionEndIncluding": "1.7.19"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:getvera:veraedge:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0A3D3CAC-84A4-4F14-8FB6-1E6437F8D2C0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:getvera:veralite_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC96E7A8-DB6C-47C8-9B33-AE4ED418C70E", "versionEndIncluding": "1.7.481"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:getvera:veralite:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "914728A7-7BA3-4612-A6AA-172B24431947"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}