Lucene search

JpcertCVE-2017-10890

HistoryNov 17, 2017 - 2:29 p.m.

CVE-2017-10890

2017-11-1714:29:00

CWE-384

jpcert

web.nvd.nist.gov

cve-2017-10890

session management

rx-v200

rx-v100

rx-clv1-p

rx-clv2-b

rx-clv3-n

firmware

security

vulnerability

nvd

CVSS2

4.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

CVSS3

4.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

20.7%

JSON

Session management issue in RX-V200 firmware versions prior to 09.87.17.09, RX-V100 firmware versions prior to 03.29.17.09, RX-CLV1-P firmware versions prior to 79.17.17.09, RX-CLV2-B firmware versions prior to 89.07.17.09, RX-CLV3-N firmware versions prior to 91.09.17.10 allows an attacker on the same LAN to perform arbitrary operations or access information via unspecified vectors.

Affected configurations

Nvd

Vulners

Node

sharprx-v200_firmwareRange<09.87.17.09

AND

sharprx-v200Match-

Node

sharprx-v100_firmwareRange<03.29.17.09

AND

sharprx-v100Match-

Node

sharprx-clv1-p_firmwareRange<79.17.17.09

AND

sharprx-clv1-pMatch-

Node

sharprx-clv2-b_firmwareRange<89.07.17.09

AND

sharprx-clv2-bMatch-

Node

sharprx-clv3-n_firmwareRange<91.09.17.10

AND

sharprx-clv3-nMatch-

VendorProductVersionCPE
sharprx-v200_firmware*cpe:2.3:o:sharp:rx-v200_firmware:*:*:*:*:*:*:*:*
sharprx-v200-cpe:2.3:h:sharp:rx-v200:-:*:*:*:*:*:*:*
sharprx-v100_firmware*cpe:2.3:o:sharp:rx-v100_firmware:*:*:*:*:*:*:*:*
sharprx-v100-cpe:2.3:h:sharp:rx-v100:-:*:*:*:*:*:*:*
sharprx-clv1-p_firmware*cpe:2.3:o:sharp:rx-clv1-p_firmware:*:*:*:*:*:*:*:*
sharprx-clv1-p-cpe:2.3:h:sharp:rx-clv1-p:-:*:*:*:*:*:*:*
sharprx-clv2-b_firmware*cpe:2.3:o:sharp:rx-clv2-b_firmware:*:*:*:*:*:*:*:*
sharprx-clv2-b-cpe:2.3:h:sharp:rx-clv2-b:-:*:*:*:*:*:*:*
sharprx-clv3-n_firmware*cpe:2.3:o:sharp:rx-clv3-n_firmware:*:*:*:*:*:*:*:*
sharprx-clv3-n-cpe:2.3:h:sharp:rx-clv3-n:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sharp	rx-v200_firmware	*	cpe:2.3:o:sharp:rx-v200_firmware::::::::
sharp	rx-v200	-	cpe:2.3:h:sharp:rx-v200:-:::::::*
sharp	rx-v100_firmware	*	cpe:2.3:o:sharp:rx-v100_firmware::::::::
sharp	rx-v100	-	cpe:2.3:h:sharp:rx-v100:-:::::::*
sharp	rx-clv1-p_firmware	*	cpe:2.3:o:sharp:rx-clv1-p_firmware::::::::
sharp	rx-clv1-p	-	cpe:2.3:h:sharp:rx-clv1-p:-:::::::*
sharp	rx-clv2-b_firmware	*	cpe:2.3:o:sharp:rx-clv2-b_firmware::::::::
sharp	rx-clv2-b	-	cpe:2.3:h:sharp:rx-clv2-b:-:::::::*
sharp	rx-clv3-n_firmware	*	cpe:2.3:o:sharp:rx-clv3-n_firmware::::::::
sharp	rx-clv3-n	-	cpe:2.3:h:sharp:rx-clv3-n:-:::::::*

CNA Affected

[
  {
    "product": "RX-V200 firmware",
    "vendor": "Sharp Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 09.87.17.09"
      }
    ]
  },
  {
    "product": "RX-V100 firmware",
    "vendor": "Sharp Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 03.29.17.09"
      }
    ]
  },
  {
    "product": "RX-CLV1-P firmware",
    "vendor": "Sharp Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 79.17.17.09"
      }
    ]
  },
  {
    "product": "RX-CLV2-B firmware",
    "vendor": "Sharp Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 89.07.17.09"
      }
    ]
  },
  {
    "product": "RX-CLV3-N firmware",
    "vendor": "Sharp Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 91.09.17.10"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN76382932/index.html

CVSS2

4.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:P/A:N

CVSS3

4.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

20.7%

JSON

Related for CVE-2017-10890