CVE-2017-16786

Current Description

The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.

Basic Data

Published: December 19, 2017
Last Modified: January 08, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-200
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:S/C:C/I:N/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 6.8
Severity: MEDIUM
Exploitability Score: 8.0
Impact Score: 6.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

CVSS 3 - Version: 3.0
CVSS 3 - Vector String: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 3 - Attack Vector: NETWORK
CVSS 3 - Attack Complexity: LOW
CVSS 3 - Privileges Required: LOW
CVSS 3 - User Interaction: NONE
CVSS 3 - Scope: UNCHANGED
CVSS 3 - Confidentiality Impact: HIGH
CVSS 3 - Integrity Impact: NONE
CVSS 3 - Availability Impact: NONE
CVSS 3 - Base Score: 6.5
CVSS 3 - Base Severity: MEDIUM
Exploitability Score: 2.8
Base Severity: MEDIUM

Configurations

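  • AND
    • OR - Configuration 1
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | OS | Meinbergglobal | Lantime Firmware | * | * | * | * | * | * | * | * | | 6.24.003 | |
    • OR Running on/with:
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | Hardware | Meinbergglobal | Lantime M100 | - | * | * | * | * | * | * | * | | | |
      2.3 | Hardware | Meinbergglobal | Lantime M1000 | - | * | * | * | * | * | * | * | | | |
      2.3 | Hardware | Meinbergglobal | Lantime M200 | - | * | * | * | * | * | * | * | | | |
      2.3 | Hardware | Meinbergglobal | Lantime M300 | - | * | * | * | * | * | * | * | | | |
      2.3 | Hardware | Meinbergglobal | Lantime M3000 | - | * | * | * | * | * | * | * | | | |
      2.3 | Hardware | Meinbergglobal | Lantime M400 | - | * | * | * | * | * | * | * | | | |
      2.3 | Hardware | Meinbergglobal | Lantime M500 | - | * | * | * | * | * | * | * | | | |
      2.3 | Hardware | Meinbergglobal | Lantime M600 | - | * | * | * | * | * | * | * | | | |
      2.3 | Hardware | Meinbergglobal | Lantime M900 | - | * | * | * | * | * | * | * | | | |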

Vulnerable Software List

Vendor | Product | Versions
Meinbergglobal | Lantime Firmware | *

References

Name | Source | URL | Tags
http://packetstormsecurity.com/files/145388/Meinberg-LANTIME-Web-Configuration-Utility-6.16.008-Arbitrary-File-Read.html | MISC | http://packetstormsecurity.com/files/145388/Meinberg-LANTIME-Web-Configuration-Utility-6.16.008-Arbi | Issue Tracking, Third Party Advisory, VDB Entry
20171215 Re: Meinberg LANTIME Web Configuration Utility - Arbitrary File Read | FULLDISC | http://seclists.org/fulldisclosure/2017/Dec/50 | Issue Tracking, Mailing List, Third Party Advisory