A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Solar-log
  • Solar-log 300
  • Solar-log 1200 Firmware
  • Solar-log 800e
  • Solar-log 2000
  • Solar-log 250 Firmware
  • Solar-log 500 Firmware
  • Solar-log 2000 Firmware
  • Solar-log 1000 Firmware
  • Solar-log 300 Firmware
  • Solar-log 500
  • Solar-log 1000 Pm\+ Firmware
  • Solar-log 1000 Pm\+
  • Solar-log 1200
  • Solar-log 800e Firmware
  • Solar-log 1000
  • Solar-log 250

Configuration 1 [-]

AND
OR cpe:2.3:o:solar-log:solar-log_250_firmware:2.8.4-56:*:*:*:*:*:*:*
cpe:2.3:o:solar-log:solar-log_250_firmware:3.5.2-85:*:*:*:*:*:*:*
cpe:2.3:h:solar-log:solar-log_250:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:o:solar-log:solar-log_300_firmware:2.8.4-56:*:*:*:*:*:*:*
cpe:2.3:o:solar-log:solar-log_300_firmware:3.5.2-85:*:*:*:*:*:*:*
cpe:2.3:h:solar-log:solar-log_300:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
OR cpe:2.3:o:solar-log:solar-log_500_firmware:2.8.4-56:*:*:*:*:*:*:*
cpe:2.3:o:solar-log:solar-log_500_firmware:3.5.2-85:*:*:*:*:*:*:*
cpe:2.3:h:solar-log:solar-log_500:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
OR cpe:2.3:o:solar-log:solar-log_800e_firmware:2.8.4-56:*:*:*:*:*:*:*
cpe:2.3:o:solar-log:solar-log_800e_firmware:3.5.2-85:*:*:*:*:*:*:*
cpe:2.3:h:solar-log:solar-log_800e:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
OR cpe:2.3:o:solar-log:solar-log_1000_firmware:2.8.4-56:*:*:*:*:*:*:*
cpe:2.3:o:solar-log:solar-log_1000_firmware:3.5.2-85:*:*:*:*:*:*:*
cpe:2.3:h:solar-log:solar-log_1000:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
OR cpe:2.3:o:solar-log:solar-log_1000_pm\+_firmware:2.8.4-56:*:*:*:*:*:*:*
cpe:2.3:o:solar-log:solar-log_1000_pm\+_firmware:3.5.2-85:*:*:*:*:*:*:*
cpe:2.3:h:solar-log:solar-log_1000_pm\+:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
OR cpe:2.3:o:solar-log:solar-log_1200_firmware:2.8.4-56:*:*:*:*:*:*:*
cpe:2.3:o:solar-log:solar-log_1200_firmware:3.5.2-85:*:*:*:*:*:*:*
cpe:2.3:h:solar-log:solar-log_1200:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
OR cpe:2.3:o:solar-log:solar-log_2000_firmware:2.8.4-56:*:*:*:*:*:*:*
cpe:2.3:o:solar-log:solar-log_2000_firmware:3.5.2-85:*:*:*:*:*:*:*
cpe:2.3:h:solar-log:solar-log_2000:-:*:*:*:*:*:*:*
References
Link Resource
http://seclists.org/fulldisclosure/2017/Mar/58 Exploit Mailing List Third Party Advisory
https://vuldb.com/?id.98933 Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: VulDB

Published: 2022-06-09T22:35:57

Updated: 2022-06-09T22:35:57

Reserved: 2022-06-05T00:00:00

Link: CVE-2017-20023

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2022-06-09T23:15:08.167

Modified: 2022-06-17T19:12:37.217

Link: CVE-2017-20023

JSON object: View

cve-icon Redhat Information

No data.

CWE