Lucene search

[email protected]CVE-2017-5242

HistoryJan 12, 2023 - 10:15 p.m.

CVE-2017-5242

2023-01-1222:15:09

CWE-330

CWE-321

[email protected]

web.nvd.nist.gov

cve-2017-5242

nexpose

insightvm

virtual appliances

ssh

host keys

nvd

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

6.8 Medium

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

27.3%

JSON

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots.

CPENameOperatorVersion
rapid7:insightvmrapid7 insightvmle2017-05-03

CPE	Name	Operator	Version
rapid7:insightvm	rapid7 insightvm	le	2017-05-03

References

www.rapid7.com/blog/post/2017/05/17/rapid7-nexpose-virtual-appliance-duplicate-ssh-host-key-cve-2017-5242/

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

6.8 Medium

AI Score

Confidence

Low

3.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

27.3%

JSON

Related for CVE-2017-5242

prion1 rapid7community1 cvelist1