Lucene search

[email protected]NVD:CVE-2017-17704

HistoryDec 31, 2017 - 2:29 a.m.

CVE-2017-17704

2017-12-3102:29:01

CWE-330

[email protected]

web.nvd.nist.gov

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS

0.001

Percentile

44.7%

JSON

A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible.

Affected configurations

Nvd

Node

swhouseistar_ultra_firmwareRange≤6.5.2.20569

AND

swhouseistar_ultraMatch-

References

systemoverlord.com/2017/12/18/cve-2017-17704-broken-cryptography-in-istar-ultra-ip-acm-by-software-house.html

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS

0.001

Percentile

44.7%

JSON

Related for NVD:CVE-2017-17704

cvelist1 cve1 prion1