CVE-2017-10890 - OpenCVE

Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:A/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Sharp	Rx-v200 Firmware Rx-clv3-n Firmware Rx-v200 Rx-clv2-b Rx-clv3-n Rx-clv1-p Rx-clv1-p Firmware Rx-clv2-b Firmware Rx-v100 Rx-v100 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:sharp:rx-v200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp:rx-v200:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:sharp:rx-v100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp:rx-v100:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:sharp:rx-clv1-p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp:rx-clv1-p:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:sharp:rx-clv2-b_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp:rx-clv2-b:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:sharp:rx-clv3-n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sharp:rx-clv3-n:-:*:*:*:*:*:*:*

References

Link	Resource
https://jvn.jp/en/jp/JVN76382932/index.html	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2017-11-17T14:00:00

Updated: 2017-11-17T13:57:01

Reserved: 2017-07-04T00:00:00

Link: CVE-2017-10890

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-11-17T14:29:00.403

Modified: 2017-12-08T17:13:57.390

Link: CVE-2017-10890

JSON object: View

Redhat Information

No data.

CWE

CWE-384

{"containers": {"cna": {"affected": [{"product": "RX-V200 firmware", "vendor": "Sharp Corporation", "versions": [{"status": "affected", "version": "prior to 09.87.17.09"}]}, {"product": "RX-V100 firmware", "vendor": "Sharp Corporation", "versions": [{"status": "affected", "version": "prior to 03.29.17.09"}]}, {"product": "RX-CLV1-P firmware", "vendor": "Sharp Corporation", "versions": [{"status": "affected", "version": "prior to 79.17.17.09"}]}, {"product": "RX-CLV2-B firmware", "vendor": "Sharp Corporation", "versions": [{"status": "affected", "version": "prior to 89.07.17.09"}]}, {"product": "RX-CLV3-N firmware", "vendor": "Sharp Corporation", "versions": [{"status": "affected", "version": "prior to 91.09.17.10"}]}], "datePublic": "2017-11-16T00:00:00", "descriptions": [{"lang": "en", "value": "Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "Session Management Issue", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-17T13:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"name": "JVN#76382932", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "https://jvn.jp/en/jp/JVN76382932/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2017-10890", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "RX-V200 firmware", "version": {"version_data": [{"version_value": "prior to 09.87.17.09"}]}}, {"product_name": "RX-V100 firmware", "version": {"version_data": [{"version_value": "prior to 03.29.17.09"}]}}, {"product_name": "RX-CLV1-P firmware", "version": {"version_data": [{"version_value": "prior to 79.17.17.09"}]}}, {"product_name": "RX-CLV2-B firmware", "version": {"version_data": [{"version_value": "prior to 89.07.17.09"}]}}, {"product_name": "RX-CLV3-N firmware", "version": {"version_data": [{"version_value": "prior to 91.09.17.10"}]}}]}, "vendor_name": "Sharp Corporation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Session Management Issue"}]}]}, "references": {"reference_data": [{"name": "JVN#76382932", "refsource": "JVN", "url": "https://jvn.jp/en/jp/JVN76382932/index.html"}]}}}}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2017-10890", "datePublished": "2017-11-17T14:00:00", "dateReserved": "2017-07-04T00:00:00", "dateUpdated": "2017-11-17T13:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sharp:rx-v200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F93BE0D7-93F2-416A-95D2-5572ABDA476E", "versionEndExcluding": "09.87.17.09", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sharp:rx-v200:-:*:*:*:*:*:*:*", "matchCriteriaId": "213C19FE-D159-402C-A07C-AE9F5A9B6F1F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sharp:rx-v100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4FAD03A-268C-4F47-93FC-00D37556C290", "versionEndExcluding": "03.29.17.09", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sharp:rx-v100:-:*:*:*:*:*:*:*", "matchCriteriaId": "B86C4910-D1AC-4052-A058-08944AD251C0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sharp:rx-clv1-p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "65CD9A51-48D4-4668-9260-129F03EDF01F", "versionEndExcluding": "79.17.17.09", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sharp:rx-clv1-p:-:*:*:*:*:*:*:*", "matchCriteriaId": "018AA4E8-9986-4C45-8181-01AA43C81077", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sharp:rx-clv2-b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C528EF4-E644-4357-8A14-B39527FFB21C", "versionEndExcluding": "89.07.17.09", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sharp:rx-clv2-b:-:*:*:*:*:*:*:*", "matchCriteriaId": "39D3526B-D7D8-4D0C-AA1D-85566A3C442A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sharp:rx-clv3-n_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEA165C4-40B8-4681-ADF5-C2B020299B83", "versionEndExcluding": "91.09.17.10", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sharp:rx-clv3-n:-:*:*:*:*:*:*:*", "matchCriteriaId": "21766F38-1FF6-45FA-BE4F-04DD132DD3A8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors."}, {"lang": "es", "value": "Un error de gesti\u00f3n de sesiones en RX-V200 con versiones de firmware anteriores a la 09.87.17.09, RX-V100 con versiones de firmware anteriores a la 03.29.17.09, RX-CLV1-P con versiones de firmware anteriores a la 79.17.17.09, RX-CLV2-B con versiones de firmware anteriores a la 89.07.17.09 y RX-CLV3-N con versiones de firmware anteriores a la 91.09.17.10 permite que un atacante en la misma red LAN realice operaciones arbitrarias o acceda a informaci\u00f3n mediante vectores no especificados."}], "id": "CVE-2017-10890", "lastModified": "2017-12-08T17:13:57.390", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-17T14:29:00.403", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://jvn.jp/en/jp/JVN76382932/index.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-384"}], "source": "nvd@nist.gov", "type": "Primary"}]}