OpenCVE

Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:A/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sharp	Rx-clv1-p Rx-clv1-p Firmware Rx-clv2-b Rx-clv2-b Firmware Rx-clv3-n Rx-clv3-n Firmware Rx-v100 Rx-v100 Firmware Rx-v200 Rx-v200 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:sharp:rx-v200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp:rx-v200:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:sharp:rx-v100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp:rx-v100:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:sharp:rx-clv1-p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp:rx-clv1-p:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:sharp:rx-clv2-b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp:rx-clv2-b:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:sharp:rx-clv3-n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp:rx-clv3-n:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://jvn.jp/en/jp/JVN76382932/index.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2017-11-17T14:00:00

Updated: 2024-08-05T17:50:12.497Z

Reserved: 2017-07-04T00:00:00

Link: CVE-2017-10890

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-11-17T14:29:00.403

Modified: 2024-11-21T03:06:41.277

Link: CVE-2017-10890

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "RX-V200 firmware", "vendor": "Sharp Corporation", "versions": [{"status": "affected", "version": "prior to 09.87.17.09"}]}, {"product": "RX-V100 firmware", "vendor": "Sharp Corporation", "versions": [{"status": "affected", "version": "prior to 03.29.17.09"}]}, {"product": "RX-CLV1-P firmware", "vendor": "Sharp Corporation", "versions": [{"status": "affected", "version": "prior to 79.17.17.09"}]}, {"product": "RX-CLV2-B firmware", "vendor": "Sharp Corporation", "versions": [{"status": "affected", "version": "prior to 89.07.17.09"}]}, {"product": "RX-CLV3-N firmware", "vendor": "Sharp Corporation", "versions": [{"status": "affected", "version": "prior to 91.09.17.10"}]}], "datePublic": "2017-11-16T00:00:00", "descriptions": [{"lang": "en", "value": "Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "Session Management Issue", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-17T13:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"name": "JVN#76382932", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "https://jvn.jp/en/jp/JVN76382932/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2017-10890", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "RX-V200 firmware", "version": {"version_data": [{"version_value": "prior to 09.87.17.09"}]}}, {"product_name": "RX-V100 firmware", "version": {"version_data": [{"version_value": "prior to 03.29.17.09"}]}}, {"product_name": "RX-CLV1-P firmware", "version": {"version_data": [{"version_value": "prior to 79.17.17.09"}]}}, {"product_name": "RX-CLV2-B firmware", "version": {"version_data": [{"version_value": "prior to 89.07.17.09"}]}}, {"product_name": "RX-CLV3-N firmware", "version": {"version_data": [{"version_value": "prior to 91.09.17.10"}]}}]}, "vendor_name": "Sharp Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Session Management Issue"}]}]}, "references": {"reference_data": [{"name": "JVN#76382932", "refsource": "JVN", "url": "https://jvn.jp/en/jp/JVN76382932/index.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:50:12.497Z"}, "title": "CVE Program Container", "references": [{"name": "JVN#76382932", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "https://jvn.jp/en/jp/JVN76382932/index.html"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2017-10890", "datePublished": "2017-11-17T14:00:00", "dateReserved": "2017-07-04T00:00:00", "dateUpdated": "2024-08-05T17:50:12.497Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sharp:rx-v200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F93BE0D7-93F2-416A-95D2-5572ABDA476E", "versionEndExcluding": "09.87.17.09", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sharp:rx-v200:-:*:*:*:*:*:*:*", "matchCriteriaId": "213C19FE-D159-402C-A07C-AE9F5A9B6F1F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sharp:rx-v100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4FAD03A-268C-4F47-93FC-00D37556C290", "versionEndExcluding": "03.29.17.09", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sharp:rx-v100:-:*:*:*:*:*:*:*", "matchCriteriaId": "B86C4910-D1AC-4052-A058-08944AD251C0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sharp:rx-clv1-p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "65CD9A51-48D4-4668-9260-129F03EDF01F", "versionEndExcluding": "79.17.17.09", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sharp:rx-clv1-p:-:*:*:*:*:*:*:*", "matchCriteriaId": "018AA4E8-9986-4C45-8181-01AA43C81077", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sharp:rx-clv2-b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C528EF4-E644-4357-8A14-B39527FFB21C", "versionEndExcluding": "89.07.17.09", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sharp:rx-clv2-b:-:*:*:*:*:*:*:*", "matchCriteriaId": "39D3526B-D7D8-4D0C-AA1D-85566A3C442A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sharp:rx-clv3-n_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEA165C4-40B8-4681-ADF5-C2B020299B83", "versionEndExcluding": "91.09.17.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sharp:rx-clv3-n:-:*:*:*:*:*:*:*", "matchCriteriaId": "21766F38-1FF6-45FA-BE4F-04DD132DD3A8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors."}, {"lang": "es", "value": "Un error de gesti\u00f3n de sesiones en RX-V200 con versiones de firmware anteriores a la 09.87.17.09, RX-V100 con versiones de firmware anteriores a la 03.29.17.09, RX-CLV1-P con versiones de firmware anteriores a la 79.17.17.09, RX-CLV2-B con versiones de firmware anteriores a la 89.07.17.09 y RX-CLV3-N con versiones de firmware anteriores a la 91.09.17.10 permite que un atacante en la misma red LAN realice operaciones arbitrarias o acceda a informaci\u00f3n mediante vectores no especificados."}], "id": "CVE-2017-10890", "lastModified": "2024-11-21T03:06:41.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-17T14:29:00.403", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://jvn.jp/en/jp/JVN76382932/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://jvn.jp/en/jp/JVN76382932/index.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-384"}], "source": "nvd@nist.gov", "type": "Primary"}]}