CVE-2017-20083 - OpenCVE

A vulnerability, which was classified as critical, was found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. Affected is an unknown function of the component SSH Server. The manipulation leads to backdoor. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jung-group	Smart Visu Server Smart Visu Server Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:jung-group:smart_visu_server_firmware:1.0.804:::::::*
	cpe:2.3:o:jung-group:smart_visu_server_firmware:1.0.830:::::::*
	cpe:2.3:o:jung-group:smart_visu_server_firmware:1.0.832:::::::*

cpe:2.3:h:jung-group:smart_visu_server:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2017/Feb/18
https://vuldb.com/?id.96816

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2022-06-22T06:10:16

Updated: 2024-08-05T21:45:25.257Z

Reserved: 2022-06-19T00:00:00

Link: CVE-2017-20083

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-06-22T06:15:07.440

Modified: 2022-06-29T16:38:20.690

Link: CVE-2017-20083

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Smart Visu Server", "vendor": "JUNG", "versions": [{"status": "affected", "version": "1.0.804"}, {"status": "affected", "version": "1.0.830"}, {"status": "affected", "version": "1.0.832"}]}], "credits": [{"lang": "en", "value": "T. Weber"}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. Affected is an unknown function of the component SSH Server. The manipulation leads to backdoor. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-912", "description": "CWE-912 Backdoor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-22T06:10:16", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2017/Feb/18"}, {"tags": ["x_refsource_MISC"], "url": "https://vuldb.com/?id.96816"}], "title": "JUNG Smart Visu Server SSH Server backdoor", "x_generator": "vuldb.com", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@vuldb.com", "ID": "CVE-2017-20083", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "JUNG Smart Visu Server SSH Server backdoor"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Smart Visu Server", "version": {"version_data": [{"version_value": "1.0.804"}, {"version_value": "1.0.830"}, {"version_value": "1.0.832"}]}}]}, "vendor_name": "JUNG"}]}}, "credit": "T. Weber", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability, which was classified as critical, was found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. Affected is an unknown function of the component SSH Server. The manipulation leads to backdoor. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component."}]}, "generator": "vuldb.com", "impact": {"cvss": {"baseScore": "5.3", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-912 Backdoor"}]}]}, "references": {"reference_data": [{"name": "http://seclists.org/fulldisclosure/2017/Feb/18", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2017/Feb/18"}, {"name": "https://vuldb.com/?id.96816", "refsource": "MISC", "url": "https://vuldb.com/?id.96816"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:45:25.257Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2017/Feb/18"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://vuldb.com/?id.96816"}]}]}, "cveMetadata": {"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2017-20083", "datePublished": "2022-06-22T06:10:16", "dateReserved": "2022-06-19T00:00:00", "dateUpdated": "2024-08-05T21:45:25.257Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:jung-group:smart_visu_server_firmware:1.0.804:*:*:*:*:*:*:*", "matchCriteriaId": "F5F3FFF1-510F-407F-B103-A145FB632239", "vulnerable": true}, {"criteria": "cpe:2.3:o:jung-group:smart_visu_server_firmware:1.0.830:*:*:*:*:*:*:*", "matchCriteriaId": "5A87AF62-2B51-45BB-8038-507B04BFA29A", "vulnerable": true}, {"criteria": "cpe:2.3:o:jung-group:smart_visu_server_firmware:1.0.832:*:*:*:*:*:*:*", "matchCriteriaId": "82295308-4508-4B08-B42B-D17C6AC836FA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:jung-group:smart_visu_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "B72946C8-4DEB-44E6-A22B-21AD3AC95A93", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as critical, was found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. Affected is an unknown function of the component SSH Server. The manipulation leads to backdoor. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad, clasificada como cr\u00edtica, en JUNG Smart Visu Server versiones 1.0.804/1.0.830/1.0.832. Est\u00e1 afectada una funci\u00f3n desconocida del componente SSH Server. La manipulaci\u00f3n conlleva a un backdoor. El ataque debe que ser abordado localmente. La explotaci\u00f3n ha sido revelada al p\u00fablico y puede ser usada. La actualizaci\u00f3n a versi\u00f3n 1.0.900 puede abordar este problema. Es recomendado actualizar el componente afectado"}], "id": "CVE-2017-20083", "lastModified": "2022-06-29T16:38:20.690", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2022-06-22T06:15:07.440", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2017/Feb/18"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.96816"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-912"}], "source": "cna@vuldb.com", "type": "Secondary"}]}