VAR-201702-0687
Vulnerability from variot - Updated: 2023-12-18 13:53An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions and obtain sensitive information. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0687",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "smart security manager",
"scope": "lte",
"trust": 1.0,
"vendor": "hanwha security",
"version": "1.5"
},
{
"model": "smart security manager",
"scope": "lte",
"trust": 0.8,
"vendor": "hanwha techwin",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "lte",
"trust": 0.6,
"vendor": "hanwha",
"version": "\u003c=1.5"
},
{
"model": "smart security manager",
"scope": "eq",
"trust": 0.6,
"vendor": "hanwha techwin",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.5"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.4"
},
{
"model": "techwin smart security manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hanwha",
"version": "1.31"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "smart security manager",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:hanwha-security:smart_security_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5169"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steven Seeley of Source Incite.",
"sources": [
{
"db": "BID",
"id": "96147"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5169",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-5169",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-01643",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-5169",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5169",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-01643",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-460",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. \nExploiting these issues may allow a remote attacker to perform certain unauthorized actions and obtain sensitive information. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5169",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-040-01",
"trust": 3.3
},
{
"db": "BID",
"id": "96147",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-01643",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711",
"trust": 0.8
},
{
"db": "IVD",
"id": "BF78BCAD-0C38-477A-B8AC-FF7D1CA7667E",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"id": "VAR-201702-0687",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
}
]
},
"last_update_date": "2023-12-18T13:53:05.473000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSM(Smart Security Manager)",
"trust": 0.8,
"url": "http://www.hanwha-security.com/prod/info.do?menucd=mn000185\u0026catg1=mc000087\u0026catg2=mc000089\u0026catg3=\u0026mdlcd=mc000825"
},
{
"title": "Patch for Hanwha Techwin Smart Security Manager cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/89533"
},
{
"title": "Hanwha Techwin Smart Security Manager Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67751"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "NVD",
"id": "CVE-2017-5169"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-040-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/96147"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5169"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-5169"
},
{
"trust": 0.3,
"url": "http://www.hanwha-security.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "BID",
"id": "96147"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"date": "2017-02-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"date": "2017-02-09T00:00:00",
"db": "BID",
"id": "96147"
},
{
"date": "2017-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"date": "2017-02-13T21:59:03.067000",
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"date": "2017-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"date": "2017-03-07T04:01:00",
"db": "BID",
"id": "96147"
},
{
"date": "2017-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-001711"
},
{
"date": "2021-09-13T12:04:44.103000",
"db": "NVD",
"id": "CVE-2017-5169"
},
{
"date": "2021-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hanwha Techwin Smart Security Manager Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "IVD",
"id": "bf78bcad-0c38-477a-b8ac-ff7d1ca7667e"
},
{
"db": "CNVD",
"id": "CNVD-2017-01643"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-460"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…