cvelistv5 - cve-2017-14459

CVE-2017-14459 (GCVE-0-2017-14459)

Vulnerability from cvelistv5 – Published: 2018-04-11 16:00 – Updated: 2024-09-16 23:55

Summary

Severity ?

10 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

remote code execution

Assigner

talos

References

URL

Tags

https://talosintelligence.com/vulnerability_repor…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Talos	Moxa	Affected: Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client versions 1.4 - 1.9. In addition, versions prior to 1.4 appear similarly vulnerable to injection, but not as easily exploitable (described below). Other models in the AWK product line may likewise be vulnerable but have not been tested.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:27:40.529Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Moxa",
          "vendor": "Talos",
          "versions": [
            {
              "status": "affected",
              "version": "Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client versions 1.4 - 1.9. In addition, versions prior to 1.4 appear similarly vulnerable to injection, but not as easily exploitable (described below). Other models in the AWK product line may likewise be vulnerable but have not been tested."
            }
          ]
        }
      ],
      "datePublic": "2018-04-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "remote code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T18:21:07",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "DATE_PUBLIC": "2018-04-13T00:00:00",
          "ID": "CVE-2017-14459",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Moxa",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client versions 1.4 - 1.9. In addition, versions prior to 1.4 appear similarly vulnerable to injection, but not as easily exploitable (described below). Other models in the AWK product line may likewise be vulnerable but have not been tested."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Talos"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 10,
            "baseSeverity": null,
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "remote code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2017-14459",
    "datePublished": "2018-04-11T16:00:00Z",
    "dateReserved": "2017-09-13T00:00:00",
    "dateUpdated": "2024-09-16T23:55:35.997Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:moxa:awk-3131a_firmware:1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C624D249-F591-4B80-8225-00F14DA81DB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:moxa:awk-3131a_firmware:1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"544170D3-65F2-4D16-8B07-9D2A6A16BA66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:moxa:awk-3131a_firmware:1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D969E1FE-77B3-46D5-8D52-1A6C2AFB63BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:moxa:awk-3131a_firmware:1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"058AAB67-CB52-4521-9D8E-7A9F3DAC22B1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"143AB2D7-E663-4F5D-A9EC-5E3A15B114E0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad explotable de inyecci\\u00f3n de comandos del sistema operativo en las funcionalidades Telnet, SSH e inicio de sesi\\u00f3n en consola en el AP/bridge/cliente inal\\u00e1mbrico Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n, en versiones de firmware de la 1.4 a la 1.7 (actual). Un atacante puede inyectar comandos mediante el par\\u00e1metro username de varios servicios (SSH, Telnet, consola), lo que resulta en la ejecuci\\u00f3n remota no autenticada de comandos del sistema operativo a nivel root.\"}]",
      "id": "CVE-2017-14459",
      "lastModified": "2024-11-21T03:12:50.197",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"talos-cna@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-04-11T16:29:00.213",
      "references": "[{\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507\", \"source\": \"talos-cna@cisco.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "talos-cna@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-14459\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2018-04-11T16:29:00.213\",\"lastModified\":\"2024-11-21T03:12:50.197\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad explotable de inyecci\u00f3n de comandos del sistema operativo en las funcionalidades Telnet, SSH e inicio de sesi\u00f3n en consola en el AP/bridge/cliente inal\u00e1mbrico Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n, en versiones de firmware de la 1.4 a la 1.7 (actual). Un atacante puede inyectar comandos mediante el par\u00e1metro username de varios servicios (SSH, Telnet, consola), lo que resulta en la ejecuci\u00f3n remota no autenticada de comandos del sistema operativo a nivel root.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:moxa:awk-3131a_firmware:1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C624D249-F591-4B80-8225-00F14DA81DB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:moxa:awk-3131a_firmware:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"544170D3-65F2-4D16-8B07-9D2A6A16BA66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:moxa:awk-3131a_firmware:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D969E1FE-77B3-46D5-8D52-1A6C2AFB63BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:moxa:awk-3131a_firmware:1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"058AAB67-CB52-4521-9D8E-7A9F3DAC22B1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"143AB2D7-E663-4F5D-A9EC-5E3A15B114E0\"}]}]}],\"references\":[{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2018-AVI-173

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans SCADA les produits Moxa . Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Moxa	N/A	Moxa AWK-3131A versions antérieures à 1.10
	Moxa	N/A	Moxa MXview versions antérieures à 2.9

References

Title

Publication Time

Tags

Avis de sécurité ICS-CERT ICSA-18-095-02 du 05 avril 2018	None	vendor-advisory
Billet de blogue Talos du 03 avril 2018	None	vendor-advisory
Foire aux questions de Moxa du 13 avril 2018	-	other
Avis de sécurité ICS-CERT ICSA-18-095-02 du 05 avril 2018	-	other
Rapport de vulnérabilité Talos CVE-2017-14459	-	other
Page de téléchargement du micrologiciel pour Moxa AWK-3131A	-	other
Page de téléchargement de Moxa MXview	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moxa AWK-3131A versions ant\u00e9rieures \u00e0 1.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "Moxa MXview versions ant\u00e9rieures \u00e0 2.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-14459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14459"
    },
    {
      "name": "CVE-2018-7506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7506"
    }
  ],
  "links": [
    {
      "title": "Foire aux questions de Moxa du 13 avril 2018",
      "url": "https://www.moxa.com/support/faq/faq_detail.aspx?id=2718"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 ICS-CERT ICSA-18-095-02\u00a0du 05 avril 2018",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-095-02"
    },
    {
      "title": "Rapport de vuln\u00e9rabilit\u00e9 Talos CVE-2017-14459",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507"
    },
    {
      "title": "Page de t\u00e9l\u00e9chargement du micrologiciel pour Moxa AWK-3131A",
      "url": "https://www.moxa.com/support/sarch_result.aspx?type=soft\u0026prod_id=3103\u0026type_id=4"
    },
    {
      "title": "Page de t\u00e9l\u00e9chargement de Moxa MXview",
      "url": "https://www.moxa.com/support/sarch_result.aspx?prod_id=622\u0026type_id=6\u0026type=soft"
    }
  ],
  "reference": "CERTFR-2018-AVI-173",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-04-06T00:00:00.000000"
    },
    {
      "description": "Ajout d\u0027un lien vers une foire aux questions Moxa",
      "revision_date": "2018-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nMoxa . Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Moxa",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 ICS-CERT ICSA-18-095-02 du 05 avril 2018",
      "url": null
    },
    {
      "published_at": null,
      "title": "Billet de blogue Talos du 03 avril 2018",
      "url": "http://blog.talosintelligence.com/2018/04/vulnerability-spotlight-moxa-awk-3131a.html"
    }
  ]
}

CERTFR-2018-AVI-173

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Moxa	N/A	Moxa AWK-3131A versions antérieures à 1.10
	Moxa	N/A	Moxa MXview versions antérieures à 2.9

References

Title

Publication Time

Tags

Avis de sécurité ICS-CERT ICSA-18-095-02 du 05 avril 2018	None	vendor-advisory
Billet de blogue Talos du 03 avril 2018	None	vendor-advisory
Foire aux questions de Moxa du 13 avril 2018	-	other
Avis de sécurité ICS-CERT ICSA-18-095-02 du 05 avril 2018	-	other
Rapport de vulnérabilité Talos CVE-2017-14459	-	other
Page de téléchargement du micrologiciel pour Moxa AWK-3131A	-	other
Page de téléchargement de Moxa MXview	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Moxa AWK-3131A versions ant\u00e9rieures \u00e0 1.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "Moxa MXview versions ant\u00e9rieures \u00e0 2.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-14459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14459"
    },
    {
      "name": "CVE-2018-7506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7506"
    }
  ],
  "links": [
    {
      "title": "Foire aux questions de Moxa du 13 avril 2018",
      "url": "https://www.moxa.com/support/faq/faq_detail.aspx?id=2718"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 ICS-CERT ICSA-18-095-02\u00a0du 05 avril 2018",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-095-02"
    },
    {
      "title": "Rapport de vuln\u00e9rabilit\u00e9 Talos CVE-2017-14459",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507"
    },
    {
      "title": "Page de t\u00e9l\u00e9chargement du micrologiciel pour Moxa AWK-3131A",
      "url": "https://www.moxa.com/support/sarch_result.aspx?type=soft\u0026prod_id=3103\u0026type_id=4"
    },
    {
      "title": "Page de t\u00e9l\u00e9chargement de Moxa MXview",
      "url": "https://www.moxa.com/support/sarch_result.aspx?prod_id=622\u0026type_id=6\u0026type=soft"
    }
  ],
  "reference": "CERTFR-2018-AVI-173",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-04-06T00:00:00.000000"
    },
    {
      "description": "Ajout d\u0027un lien vers une foire aux questions Moxa",
      "revision_date": "2018-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nMoxa . Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Moxa",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 ICS-CERT ICSA-18-095-02 du 05 avril 2018",
      "url": null
    },
    {
      "published_at": null,
      "title": "Billet de blogue Talos du 03 avril 2018",
      "url": "http://blog.talosintelligence.com/2018/04/vulnerability-spotlight-moxa-awk-3131a.html"
    }
  ]
}

CNVD-2018-10105

Vulnerability from cnvd - Published: 2018-05-23

Title

Moxa AWK-3131A操作系统命令注入漏洞

Description

Moxa AWK-3131A是摩莎（Moxa）公司的一款无线接入设备。使用1.4版本至1.7版本固件的Moxa AWK-3131A中的Telnet、SSH和console登录功能存在操作系统命令注入漏洞。远程攻击者可借助SSH, Telnet, console服务的‘username’参数利用该漏洞执行root操作系统命令。

Severity

高

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://www.moxa.com/

Reference

https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507

Impacted products

Name
Moxa AWK-3131A >=1.4，<=1.7

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-14459",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14459"
    }
  },
  "description": "Moxa AWK-3131A\u662f\u6469\u838e\uff08Moxa\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u63a5\u5165\u8bbe\u5907\u3002\r\n\r\n\u4f7f\u75281.4\u7248\u672c\u81f31.7\u7248\u672c\u56fa\u4ef6\u7684Moxa AWK-3131A\u4e2d\u7684Telnet\u3001SSH\u548cconsole\u767b\u5f55\u529f\u80fd\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9SSH, Telnet, console\u670d\u52a1\u7684\u2018username\u2019\u53c2\u6570\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884croot\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002",
  "discovererName": "Patrick DeSantis and Dave McDaniel of Cisco Talos",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.moxa.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-10105",
  "openTime": "2018-05-23",
  "products": {
    "product": "Moxa AWK-3131A \u003e=1.4\uff0c\u003c=1.7"
  },
  "referenceLink": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507",
  "serverity": "\u9ad8",
  "submitTime": "2018-04-26",
  "title": "Moxa AWK-3131A\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

GHSA-GF27-CHXC-6V9W

Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-14459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-11T16:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution.",
  "id": "GHSA-gf27-chxc-6v9w",
  "modified": "2022-05-13T01:01:33Z",
  "published": "2022-05-13T01:01:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14459"
    },
    {
      "type": "WEB",
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2017-14459

Vulnerability from fkie_nvd - Published: 2018-04-11 16:29 - Updated: 2024-11-21 03:12

Severity ?

10.0 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	talos-cna@cisco.com	https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507	Third Party Advisory

Impacted products

Vendor	Product	Version
moxa	awk-3131a_firmware	1.4
moxa	awk-3131a_firmware	1.5
moxa	awk-3131a_firmware	1.6
moxa	awk-3131a_firmware	1.7
moxa	awk-3131a	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:moxa:awk-3131a_firmware:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C624D249-F591-4B80-8225-00F14DA81DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:moxa:awk-3131a_firmware:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "544170D3-65F2-4D16-8B07-9D2A6A16BA66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:moxa:awk-3131a_firmware:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D969E1FE-77B3-46D5-8D52-1A6C2AFB63BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:moxa:awk-3131a_firmware:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "058AAB67-CB52-4521-9D8E-7A9F3DAC22B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "143AB2D7-E663-4F5D-A9EC-5E3A15B114E0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad explotable de inyecci\u00f3n de comandos del sistema operativo en las funcionalidades Telnet, SSH e inicio de sesi\u00f3n en consola en el AP/bridge/cliente inal\u00e1mbrico Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n, en versiones de firmware de la 1.4 a la 1.7 (actual). Un atacante puede inyectar comandos mediante el par\u00e1metro username de varios servicios (SSH, Telnet, consola), lo que resulta en la ejecuci\u00f3n remota no autenticada de comandos del sistema operativo a nivel root."
    }
  ],
  "id": "CVE-2017-14459",
  "lastModified": "2024-11-21T03:12:50.197",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "talos-cna@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-11T16:29:00.213",
  "references": [
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507"
    }
  ],
  "sourceIdentifier": "talos-cna@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2017-14459

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-14459

Aliases

CVE-2017-14459

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-14459",
    "description": "An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution.",
    "id": "GSD-2017-14459"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-14459"
      ],
      "details": "An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution.",
      "id": "GSD-2017-14459",
      "modified": "2023-12-13T01:21:12.577008Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "talos-cna@cisco.com",
        "DATE_PUBLIC": "2018-04-13T00:00:00",
        "ID": "CVE-2017-14459",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Moxa",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client versions 1.4 - 1.9. In addition, versions prior to 1.4 appear similarly vulnerable to injection, but not as easily exploitable (described below). Other models in the AWK product line may likewise be vulnerable but have not been tested."
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Talos"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": 10.0,
          "baseSeverity": null,
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "remote code execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507",
            "refsource": "MISC",
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2017-14459"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-04-19T19:15Z",
      "publishedDate": "2018-04-11T16:29Z"
    }
  }
}

VAR-201804-0372

Vulnerability from variot - Updated: 2023-12-18 13:33

An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution. Moxa AWK-3131A Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaAWK-3131A is a wireless access device from Moxa

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0372",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "awk-3131a",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "moxa",
        "version": "1.7"
      },
      {
        "model": "awk-3131a",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "moxa",
        "version": "1.5"
      },
      {
        "model": "awk-3131a",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "moxa",
        "version": "1.6"
      },
      {
        "model": "awk-3131a",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "moxa",
        "version": "1.4"
      },
      {
        "model": "awk-3131a",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "moxa",
        "version": "1.4 to  1.7"
      },
      {
        "model": "awk-3131a",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "moxa",
        "version": "1.4\u003c=1.7"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-10105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013280"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-609"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:moxa:awk-3131a_firmware:1.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14459"
      }
    ]
  },
  "cve": "CVE-2017-14459",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2017-14459",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-10105",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-105183",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "talos-cna@cisco.com",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-14459",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14459",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "talos-cna@cisco.com",
            "id": "CVE-2017-14459",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-10105",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-609",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-105183",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-14459",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-10105"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105183"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013280"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14459"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-609"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution. Moxa AWK-3131A Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MoxaAWK-3131A is a wireless access device from Moxa",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013280"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-10105"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105183"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14459"
      }
    ],
    "trust": 2.34
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-105183",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105183"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14459",
        "trust": 3.2
      },
      {
        "db": "TALOS",
        "id": "TALOS-2017-0507",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013280",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-609",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-10105",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "44398",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-105183",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14459",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-10105"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105183"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013280"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-609"
      }
    ]
  },
  "id": "VAR-201804-0372",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-10105"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105183"
      }
    ],
    "trust": 1.28235294
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-10105"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:33:53.098000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "AWK-3131A \u30b7\u30ea\u30fc\u30ba",
        "trust": 0.8,
        "url": "https://japan.moxa.com/product/awk-3131a.htm"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013280"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-105183"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013280"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14459"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "https://talosintelligence.com/vulnerability_reports/talos-2017-0507"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14459"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14459"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-10105"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105183"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013280"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-609"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-10105"
      },
      {
        "db": "VULHUB",
        "id": "VHN-105183"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-14459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013280"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-609"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-10105"
      },
      {
        "date": "2018-04-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105183"
      },
      {
        "date": "2018-04-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-14459"
      },
      {
        "date": "2018-06-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013280"
      },
      {
        "date": "2018-04-11T16:29:00.213000",
        "db": "NVD",
        "id": "CVE-2017-14459"
      },
      {
        "date": "2017-09-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-609"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-05-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-10105"
      },
      {
        "date": "2018-05-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-105183"
      },
      {
        "date": "2018-05-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-14459"
      },
      {
        "date": "2018-06-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013280"
      },
      {
        "date": "2022-04-19T19:15:17.327000",
        "db": "NVD",
        "id": "CVE-2017-14459"
      },
      {
        "date": "2022-04-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-609"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-609"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Moxa AWK-3131A Operating System Command Injection Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-10105"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-609"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-609"
      }
    ],
    "trust": 0.6
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-14459 (GCVE-0-2017-14459)

CERTFR-2018-AVI-173

Solution

CERTFR-2018-AVI-173

Solution

CNVD-2018-10105

GHSA-GF27-CHXC-6V9W

FKIE_CVE-2017-14459

GSD-2017-14459

VAR-201804-0372

Tags

Sightings

Nomenclature