CVE-2017-20084 - OpenCVE

A vulnerability has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832 and classified as critical. Affected by this vulnerability is an unknown functionality of the component KNX Group Address. The manipulation leads to backdoor. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jung-group	Smart Visu Server Smart Visu Server Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:jung-group:smart_visu_server_firmware:1.0.804:::::::*
	cpe:2.3:o:jung-group:smart_visu_server_firmware:1.0.830:::::::*
	cpe:2.3:o:jung-group:smart_visu_server_firmware:1.0.832:::::::*

cpe:2.3:h:jung-group:smart_visu_server:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2017/Feb/18
https://vuldb.com/?id.96817

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2022-06-22T06:10:18

Updated: 2024-08-05T21:45:25.474Z

Reserved: 2022-06-19T00:00:00

Link: CVE-2017-20084

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-06-22T06:15:07.517

Modified: 2022-06-29T17:04:47.820

Link: CVE-2017-20084

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Smart Visu Server", "vendor": "JUNG", "versions": [{"status": "affected", "version": "1.0.804"}, {"status": "affected", "version": "1.0.830"}, {"status": "affected", "version": "1.0.832"}]}], "credits": [{"lang": "en", "value": "T. Weber"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832 and classified as critical. Affected by this vulnerability is an unknown functionality of the component KNX Group Address. The manipulation leads to backdoor. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-912", "description": "CWE-912 Backdoor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-22T06:10:17", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://seclists.org/fulldisclosure/2017/Feb/18"}, {"tags": ["x_refsource_MISC"], "url": "https://vuldb.com/?id.96817"}], "title": "JUNG Smart Visu Server KNX Group Address backdoor", "x_generator": "vuldb.com", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@vuldb.com", "ID": "CVE-2017-20084", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "JUNG Smart Visu Server KNX Group Address backdoor"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Smart Visu Server", "version": {"version_data": [{"version_value": "1.0.804"}, {"version_value": "1.0.830"}, {"version_value": "1.0.832"}]}}]}, "vendor_name": "JUNG"}]}}, "credit": "T. Weber", "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832 and classified as critical. Affected by this vulnerability is an unknown functionality of the component KNX Group Address. The manipulation leads to backdoor. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component."}]}, "generator": "vuldb.com", "impact": {"cvss": {"baseScore": "5.3", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-912 Backdoor"}]}]}, "references": {"reference_data": [{"name": "http://seclists.org/fulldisclosure/2017/Feb/18", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2017/Feb/18"}, {"name": "https://vuldb.com/?id.96817", "refsource": "MISC", "url": "https://vuldb.com/?id.96817"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:45:25.474Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2017/Feb/18"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://vuldb.com/?id.96817"}]}]}, "cveMetadata": {"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2017-20084", "datePublished": "2022-06-22T06:10:18", "dateReserved": "2022-06-19T00:00:00", "dateUpdated": "2024-08-05T21:45:25.474Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:jung-group:smart_visu_server_firmware:1.0.804:*:*:*:*:*:*:*", "matchCriteriaId": "F5F3FFF1-510F-407F-B103-A145FB632239", "vulnerable": true}, {"criteria": "cpe:2.3:o:jung-group:smart_visu_server_firmware:1.0.830:*:*:*:*:*:*:*", "matchCriteriaId": "5A87AF62-2B51-45BB-8038-507B04BFA29A", "vulnerable": true}, {"criteria": "cpe:2.3:o:jung-group:smart_visu_server_firmware:1.0.832:*:*:*:*:*:*:*", "matchCriteriaId": "82295308-4508-4B08-B42B-D17C6AC836FA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:jung-group:smart_visu_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "B72946C8-4DEB-44E6-A22B-21AD3AC95A93", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832 and classified as critical. Affected by this vulnerability is an unknown functionality of the component KNX Group Address. The manipulation leads to backdoor. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en JUNG Smart Visu Server versiones 1.0.804/1.0.830/1.0.832 y ha sido clasificada como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del componente KNX Group Address. La manipulaci\u00f3n conlleva a un backdoor. Es requerido acceso local para abordar este ataque. La explotaci\u00f3n ha sido revelada al p\u00fablico y puede ser usada. La actualizaci\u00f3n a versi\u00f3n 1.0.900 puede abordar este problema. Es recomendado actualizar el componente afectado"}], "id": "CVE-2017-20084", "lastModified": "2022-06-29T17:04:47.820", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2022-06-22T06:15:07.517", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2017/Feb/18"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.96817"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-912"}], "source": "cna@vuldb.com", "type": "Secondary"}]}