CVE-2017-7649 (GCVE-0-2017-7649)

Vulnerability from cvelistv5 – Published: 2017-09-11 16:00 – Updated: 2024-09-16 17:34
VLAI?
Summary
The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox "exec" command. As the process is running as "root" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address.
Severity ?
No CVSS data available.
CWE
  • privileged remote code execution
Assigner
References
Impacted products
Vendor Product Version
Eclipse Foundation Eclipse Kura Installer Affected: unspecified , < 2.1.0 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:12:27.904Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/eclipse/kura/issues/956"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Eclipse Kura Installer",
          "vendor": "Eclipse Foundation",
          "versions": [
            {
              "lessThan": "2.1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2017-04-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The network enabled distribution of Kura before 2.1.0 takes control over the device\u0027s firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox \"exec\" command. As the process is running as \"root\" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "privileged remote code execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-11T15:57:01",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/eclipse/kura/issues/956"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@eclipse.org",
          "DATE_PUBLIC": "2017-04-04T00:00:00",
          "ID": "CVE-2017-7649",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Eclipse Kura Installer",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "2.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Eclipse Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The network enabled distribution of Kura before 2.1.0 takes control over the device\u0027s firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox \"exec\" command. As the process is running as \"root\" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "privileged remote code execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681",
              "refsource": "CONFIRM",
              "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681"
            },
            {
              "name": "https://github.com/eclipse/kura/issues/956",
              "refsource": "CONFIRM",
              "url": "https://github.com/eclipse/kura/issues/956"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2017-7649",
    "datePublished": "2017-09-11T16:00:00Z",
    "dateReserved": "2017-04-11T00:00:00",
    "dateUpdated": "2024-09-16T17:34:17.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:eclipse:kura:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.0.2\", \"matchCriteriaId\": \"D5CB27F8-741A-458B-94C3-C2657DB5D4B4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The network enabled distribution of Kura before 2.1.0 takes control over the device\u0027s firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox \\\"exec\\\" command. As the process is running as \\\"root\\\" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address.\"}, {\"lang\": \"es\", \"value\": \"La distribuci\\u00f3n adaptada a la red de Kura en versiones anteriores a la 2.1.0 asume el control de la configuraci\\u00f3n del firewall del dispositivo, pero no permite la configuraci\\u00f3n de las reglas del firewall IPv6. El puerto 5002 de la consola Equinox queda abierto, permitiendo el acceso a Kura sin credenciales de usuario por medio de un protocolo telnet sin cifrar y ejecutando comandos con el comando de Equinox \\\"exec\\\". Se puede conseguir el control total del dispositivo al ejecutarse el proceso como root. IPv6 tambi\\u00e9n se deja en modo de autoconfiguraci\\u00f3n, aceptando anuncios de router autom\\u00e1ticamente y asignando una direcci\\u00f3n IPv6 basada en una direcci\\u00f3n MAC.\"}]",
      "id": "CVE-2017-7649",
      "lastModified": "2024-11-21T03:32:22.513",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-09-11T16:29:00.213",
      "references": "[{\"url\": \"https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681\", \"source\": \"emo@eclipse.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/eclipse/kura/issues/956\", \"source\": \"emo@eclipse.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/eclipse/kura/issues/956\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "emo@eclipse.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-7649\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2017-09-11T16:29:00.213\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The network enabled distribution of Kura before 2.1.0 takes control over the device\u0027s firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox \\\"exec\\\" command. As the process is running as \\\"root\\\" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address.\"},{\"lang\":\"es\",\"value\":\"La distribuci\u00f3n adaptada a la red de Kura en versiones anteriores a la 2.1.0 asume el control de la configuraci\u00f3n del firewall del dispositivo, pero no permite la configuraci\u00f3n de las reglas del firewall IPv6. El puerto 5002 de la consola Equinox queda abierto, permitiendo el acceso a Kura sin credenciales de usuario por medio de un protocolo telnet sin cifrar y ejecutando comandos con el comando de Equinox \\\"exec\\\". Se puede conseguir el control total del dispositivo al ejecutarse el proceso como root. IPv6 tambi\u00e9n se deja en modo de autoconfiguraci\u00f3n, aceptando anuncios de router autom\u00e1ticamente y asignando una direcci\u00f3n IPv6 basada en una direcci\u00f3n MAC.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:kura:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0.2\",\"matchCriteriaId\":\"D5CB27F8-741A-458B-94C3-C2657DB5D4B4\"}]}]}],\"references\":[{\"url\":\"https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/eclipse/kura/issues/956\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/eclipse/kura/issues/956\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.