CVE-2017-7649 - OpenCVE

The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox "exec" command. As the process is running as "root" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Eclipse	Kura

Configuration 1 [-]

cpe:2.3:a:eclipse:kura:*:*:*:*:*:*:*:*

References

Link	Resource
https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681	Third Party Advisory
https://github.com/eclipse/kura/issues/956	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: eclipse

Published: 2017-04-04T00:00:00

Updated: 2017-09-11T15:57:01

Reserved: 2017-04-11T00:00:00

Link: CVE-2017-7649

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-09-11T16:29:00.213

Modified: 2017-09-29T15:04:41.500

Link: CVE-2017-7649

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "Eclipse Kura Installer", "vendor": "Eclipse Foundation", "versions": [{"lessThan": "2.1.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2017-04-04T00:00:00", "descriptions": [{"lang": "en", "value": "The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox \"exec\" command. As the process is running as \"root\" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address."}], "problemTypes": [{"descriptions": [{"description": "privileged remote code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-11T15:57:01", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/eclipse/kura/issues/956"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@eclipse.org", "DATE_PUBLIC": "2017-04-04T00:00:00", "ID": "CVE-2017-7649", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Eclipse Kura Installer", "version": {"version_data": [{"version_affected": "<", "version_value": "2.1.0"}]}}]}, "vendor_name": "Eclipse Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox \"exec\" command. As the process is running as \"root\" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "privileged remote code execution"}]}]}, "references": {"reference_data": [{"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681"}, {"name": "https://github.com/eclipse/kura/issues/956", "refsource": "CONFIRM", "url": "https://github.com/eclipse/kura/issues/956"}]}}}}, "cveMetadata": {"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2017-7649", "datePublished": "2017-04-04T00:00:00", "dateReserved": "2017-04-11T00:00:00", "dateUpdated": "2017-09-11T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:kura:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5CB27F8-741A-458B-94C3-C2657DB5D4B4", "versionEndIncluding": "2.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The network enabled distribution of Kura before 2.1.0 takes control over the device's firewall setup but does not allow IPv6 firewall rules to be configured. Still the Equinox console port 5002 is left open, allowing to log into Kura without any user credentials over unencrypted telnet and executing commands using the Equinox \"exec\" command. As the process is running as \"root\" full control over the device can be acquired. IPv6 is also left in auto-configuration mode, accepting router advertisements automatically and assigns a MAC address based IPv6 address."}, {"lang": "es", "value": "La distribuci\u00f3n adaptada a la red de Kura en versiones anteriores a la 2.1.0 asume el control de la configuraci\u00f3n del firewall del dispositivo, pero no permite la configuraci\u00f3n de las reglas del firewall IPv6. El puerto 5002 de la consola Equinox queda abierto, permitiendo el acceso a Kura sin credenciales de usuario por medio de un protocolo telnet sin cifrar y ejecutando comandos con el comando de Equinox \"exec\". Se puede conseguir el control total del dispositivo al ejecutarse el proceso como root. IPv6 tambi\u00e9n se deja en modo de autoconfiguraci\u00f3n, aceptando anuncios de router autom\u00e1ticamente y asignando una direcci\u00f3n IPv6 basada en una direcci\u00f3n MAC."}], "id": "CVE-2017-7649", "lastModified": "2017-09-29T15:04:41.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-11T16:29:00.213", "references": [{"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=514681"}, {"source": "emo@eclipse.org", "tags": ["Third Party Advisory"], "url": "https://github.com/eclipse/kura/issues/956"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}