CVE-2017-16786
Current Description
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.
Basic Data
| Published | December 19, 2017 |
|---|
| Last Modified | January 08, 2018 |
|---|
| Assigner | cve@mitre.org |
|---|
| Data Type | CVE |
|---|
| Data Format | MITRE |
|---|
| Data Version | 4.0 |
|---|
| Problem Type | CWE-200 |
|---|
| CVE Data Version | 4.0 |
|---|
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|
| CVSS 2 - Vector String | AV:N/AC:L/Au:S/C:C/I:N/A:N |
|---|
| CVSS 2 - Access Vector | NETWORK |
|---|
| CVSS 2 - Access Complexity | LOW |
|---|
| CVSS 2 - Authentication | SINGLE |
|---|
| CVSS 2 - Confidentiality Impact | COMPLETE |
|---|
| CVSS 2 - Availability Impact | NONE |
|---|
| CVSS 2 - Base Score | 6.8 |
|---|
| Severity | MEDIUM |
|---|
| Exploitability Score | 8.0 |
|---|
| Impact Score | 6.9 |
|---|
| Obtain All Privilege | false |
|---|
| Obtain User Privilege | false |
|---|
| Obtain Other Privilege | false |
|---|
Base Metric V3
| CVSS 3 - Version | 3.0 |
|---|
| CVSS 3 - Vector String | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|---|
| CVSS 3 - Attack Vector | NETWORK |
|---|
| CVSS 3 - Attack Complexity | LOW |
|---|
| CVSS 3 - Privileges Required | LOW |
|---|
| CVSS 3 - User Interaction | NONE |
|---|
| CVSS 3 - Scope | UNCHANGED |
|---|
| CVSS 3 - Confidentiality Impact | HIGH |
|---|
| CVSS 3 - Integrity Impact | NONE |
|---|
| CVSS 3 - Availability Impact | NONE |
|---|
| CVSS 3 - Base Score | 6.5 |
|---|
| CVSS 3 - Base Severity | MEDIUM |
|---|
| Exploitability Score | 2.8 |
|---|
| Base Severity | MEDIUM |
|---|
Configurations
-
AND
-
OR - Configuration 1
| Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
|---|
| 2.3 | OS | Meinbergglobal | Lantime Firmware | * | * | * | * | * | * | * | * | � | 6.24.003 | � | � |
-
OR Running on/with:
| Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
|---|
| 2.3 | Hardware | Meinbergglobal | Lantime M100 | - | * | * | * | * | * | * | * | � | � | � | � |
| 2.3 | Hardware | Meinbergglobal | Lantime M1000 | - | * | * | * | * | * | * | * | � | � | � | � |
| 2.3 | Hardware | Meinbergglobal | Lantime M200 | - | * | * | * | * | * | * | * | � | � | � | � |
| 2.3 | Hardware | Meinbergglobal | Lantime M300 | - | * | * | * | * | * | * | * | � | � | � | � |
| 2.3 | Hardware | Meinbergglobal | Lantime M3000 | - | * | * | * | * | * | * | * | � | � | � | � |
| 2.3 | Hardware | Meinbergglobal | Lantime M400 | - | * | * | * | * | * | * | * | � | � | � | � |
| 2.3 | Hardware | Meinbergglobal | Lantime M500 | - | * | * | * | * | * | * | * | � | � | � | � |
| 2.3 | Hardware | Meinbergglobal | Lantime M600 | - | * | * | * | * | * | * | * | � | � | � | � |
| 2.3 | Hardware | Meinbergglobal | Lantime M900 | - | * | * | * | * | * | * | * | � | � | � | � |
Vulnerable Software List
References
| Name | Source | URL | Tags |
|---|
| http://packetstormsecurity.com/files/145388/Meinberg-LANTIME-Web-Configuration-Utility-6.16.008-Arbitrary-File-Read.html | http://packetstormsecurity.com/files/145388/Meinberg-LANTIME-Web-Configuration-Utility-6.16.008-Arbi | MISC | Issue Tracking Third Party Advisory VDB Entry |
| 20171215 Re: Meinberg LANTIME Web Configuration Utility - Arbitrary File Read | http://seclists.org/fulldisclosure/2017/Dec/50 | FULLDISC | Issue Tracking Mailing List Third Party Advisory |
Follow @discotekdotca