Lucene search

K
cve[email protected]CVE-2017-8334
HistoryJun 18, 2019 - 9:15 p.m.

CVE-2017-8334

2019-06-1821:15:09
CWE-352
web.nvd.nist.gov
78
cve-2017-8334
securifi almond
almond+
almond 2015
firmware al-r096
cross-site scripting
web management interface
nvd
security vulnerability

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.9%

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface into executing a cross-site scripting payload on the user’s browser and execute any action on the device provided by the web management interface.

Affected configurations

NVD
Node
securifialmond_2015_firmwareMatchal-r096
AND
securifialmond_2015Match-
Node
securifialmond\+firmwareMatchal-r096
AND
securifialmond\+Match-
Node
securifialmond_firmwareMatchal-r096
AND
securifialmondMatch-

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.9%

Related for CVE-2017-8334