CVE-2017-7649 - OpenCVE

The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox "exec" command. As the process is running as "root" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eclipse	Kura

Configuration 1 [-]

cpe:2.3:a:eclipse:kura:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681
https://github.com/eclipse/kura/issues/956

History

No history.

MITRE

Status: PUBLISHED

Assigner: eclipse

Published: 2017-09-11T16:00:00Z

Updated: 2024-09-16T17:34:17.160Z

Reserved: 2017-04-11T00:00:00

Link: CVE-2017-7649

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-09-11T16:29:00.213

Modified: 2017-09-29T15:04:41.500

Link: CVE-2017-7649

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Eclipse Kura Installer", "vendor": "Eclipse Foundation", "versions": [{"lessThan": "2.1.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2017-04-04T00:00:00", "descriptions": [{"lang": "en", "value": "The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox \"exec\" command. As the process is running as \"root\" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address."}], "problemTypes": [{"descriptions": [{"description": "privileged remote code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-11T15:57:01", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/eclipse/kura/issues/956"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@eclipse.org", "DATE_PUBLIC": "2017-04-04T00:00:00", "ID": "CVE-2017-7649", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eclipse Kura Installer", "version": {"version_data": [{"version_affected": "<", "version_value": "2.1.0"}]}}]}, "vendor_name": "Eclipse Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox \"exec\" command. As the process is running as \"root\" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "privileged remote code execution"}]}]}, "references": {"reference_data": [{"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681"}, {"name": "https://github.com/eclipse/kura/issues/956", "refsource": "CONFIRM", "url": "https://github.com/eclipse/kura/issues/956"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:12:27.904Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/eclipse/kura/issues/956"}]}]}, "cveMetadata": {"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2017-7649", "datePublished": "2017-09-11T16:00:00Z", "dateReserved": "2017-04-11T00:00:00", "dateUpdated": "2024-09-16T17:34:17.160Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:kura:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5CB27F8-741A-458B-94C3-C2657DB5D4B4", "versionEndIncluding": "2.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox \"exec\" command. As the process is running as \"root\" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address."}, {"lang": "es", "value": "La distribuci\u00f3n adaptada a la red de Kura en versiones anteriores a la 2.1.0 asume el control de la configuraci\u00f3n del firewall del dispositivo, pero no permite la configuraci\u00f3n de las reglas del firewall IPv6. El puerto 5002 de la consola Equinox queda abierto, permitiendo el acceso a Kura sin credenciales de usuario por medio de un protocolo telnet sin cifrar y ejecutando comandos con el comando de Equinox \"exec\". Se puede conseguir el control total del dispositivo al ejecutarse el proceso como root. IPv6 tambi\u00e9n se deja en modo de autoconfiguraci\u00f3n, aceptando anuncios de router autom\u00e1ticamente y asignando una direcci\u00f3n IPv6 basada en una direcci\u00f3n MAC."}], "id": "CVE-2017-7649", "lastModified": "2017-09-29T15:04:41.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-11T16:29:00.213", "references": [{"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://github.com/eclipse/kura/issues/956"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}