ID

VAR-201706-0833


CVE

CVE-2017-9097


TITLE

Path traversal vulnerability in Antiweb as used in multiple NetBiter products

Trust: 0.8

sources: JVNDB: JVNDB-2017-005240

DESCRIPTION

In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file. Antiweb, as used in multiple NetBiter products, contains a path traversal vulnerability. Information may be obtained and information may be altered.

Trust: 1.62

sources: NVD: CVE-2017-9097 // JVNDB: JVNDB-2017-005240

AFFECTED PRODUCTS

vendor: hoytech, model: antiweb, scope: lte, version: 3.8.7

Trust: 1.8

vendor: hoytech, model: antiweb, scope: eq, version: 3.8.1

Trust: 1.6

vendor: hoytech, model: antiweb, scope: eq, version: 3.8.3

Trust: 1.6

vendor: hoytech, model: antiweb, scope: eq, version: 3.7.1

Trust: 1.6

vendor: hoytech, model: antiweb, scope: eq, version: 3.8.4

Trust: 1.6

vendor: hoytech, model: antiweb, scope: eq, version: 3.6.1

Trust: 1.6

vendor: hoytech, model: antiweb, scope: eq, version: 3.8.2

Trust: 1.6

vendor: hoytech, model: antiweb, scope: eq, version: 3.7.2

Trust: 1.6

vendor: hoytech, model: antiweb, scope: eq, version: 3.3.5

Trust: 1.6

vendor: hoytech, model: antiweb, scope: eq, version: 3.8.5

Trust: 1.6

vendor: hoytech, model: antiweb, scope: eq, version: 3.0.7

Trust: 1.0

vendor: hoytech, model: antiweb, scope: eq, version: 3.8.7

Trust: 0.6

sources: JVNDB: JVNDB-2017-005240 // CNNVD: CNNVD-201705-1027 // NVD: CVE-2017-9097

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9097
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-9097
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201705-1027
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-9097
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2017-9097
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2017-005240 // CNNVD: CNNVD-201705-1027 // NVD: CVE-2017-9097

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2017-005240 // NVD: CVE-2017-9097

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-1027

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201705-1027

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-005240

PATCH

title: antiweb, url: https://github.com/hoytech/antiweb

Trust: 0.8

sources: JVNDB: JVNDB-2017-005240

EXTERNAL IDS

db: NVD, id: CVE-2017-9097

Trust: 2.4

db: JVNDB, id: JVNDB-2017-005240

Trust: 0.8

db: CNNVD, id: CNNVD-201705-1027

Trust: 0.6

sources: JVNDB: JVNDB-2017-005240 // CNNVD: CNNVD-201705-1027 // NVD: CVE-2017-9097

REFERENCES

url:https://github.com/ezelf/industrial_tools/tree/master/scadas_server_antiweb/lfi

Trust: 2.4

url:http://misteralfa-hack.blogspot.cl/2017/05/apps-industrial-ot-over-server-anti-web.html

Trust: 1.6

url:https://www.netbiter.com/docs/default-source/netbiter-english/software/hms-security-advisory-2017-05-24-001-ws100-ws200-ec150-ec250.zip

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9097

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-9097

Trust: 0.8

sources: JVNDB: JVNDB-2017-005240 // CNNVD: CNNVD-201705-1027 // NVD: CVE-2017-9097

SOURCES

db: JVNDB, id: JVNDB-2017-005240
db: CNNVD, id: CNNVD-201705-1027
db: NVD, id: CVE-2017-9097

LAST UPDATE DATE

2024-11-23T22:59:17.638000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2017-005240, date: 2017-07-21T00:00:00
db: CNNVD, id: CNNVD-201705-1027, date: 2017-07-03T00:00:00
db: NVD, id: CVE-2017-9097, date: 2024-11-21T03:35:18.730

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2017-005240, date: 2017-07-21T00:00:00
db: CNNVD, id: CNNVD-201705-1027, date: 2017-05-23T00:00:00
db: NVD, id: CVE-2017-9097, date: 2017-06-16T03:29:00.187