VAR-201702-0686
Vulnerability from variot - Updated: 2023-12-18 13:53An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions and obtain sensitive information. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0686",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "hanwha security",
"version": "1.5"
},
{
"model": "smart security manager",
"scope": "lte",
"trust": 0.8,
"vendor": "hanwha techwin",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "lte",
"trust": 0.6,
"vendor": "hanwha",
"version": "\u003c=1.5"
},
{
"model": "smart security manager",
"scope": "eq",
"trust": 0.6,
"vendor": "hanwha techwin",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.4"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.31"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "smart security manager",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hanwha-security:smart_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5168"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley of Source Incite.",
"sources": [
{
"db": "BID",
"id": "96147"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5168",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-5168",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-01645",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5168",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5168",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-01645",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-461",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. \nExploiting these issues may allow a remote attacker to perform certain unauthorized actions and obtain sensitive information. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5168",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-040-01",
"trust": 2.7
},
{
"db": "BID",
"id": "96147",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-01645",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710",
"trust": 0.8
},
{
"db": "IVD",
"id": "13E5304E-4192-41E8-9E8E-2B72B96F950E",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"id": "VAR-201702-0686",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
}
]
},
"last_update_date": "2023-12-18T13:53:05.439000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSM(Smart Security Manager)",
"trust": 0.8,
"url": "http://www.hanwha-security.com/prod/info.do?menucd=mn000185\u0026catg1=mc000087\u0026catg2=mc000089\u0026catg3=\u0026mdlcd=mc000825"
},
{
"title": "Hanwha Techwin Smart Security Manager privilege escalation vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/89536"
},
{
"title": "Hanwha Techwin Smart Security Manager ActiveMQ Broker Repair of service path traversal vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67752"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-040-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/96147"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5168"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5168"
},
{
"trust": 0.3,
"url": "http://www.hanwha-security.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"date": "2017-02-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"date": "2017-02-09T00:00:00",
"db": "BID",
"id": "96147"
},
{
"date": "2017-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"date": "2017-02-13T21:59:03.050000",
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"date": "2017-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01645"
},
{
"date": "2017-03-07T04:01:00",
"db": "BID",
"id": "96147"
},
{
"date": "2017-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001710"
},
{
"date": "2021-09-13T12:04:36.983000",
"db": "NVD",
"id": "CVE-2017-5168"
},
{
"date": "2021-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smart Security Manager of ActiveMQ Broker Path traversal vulnerability in services",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001710"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "13e5304e-4192-41e8-9e8e-2b72b96f950e"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-461"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…