CVE-2017-16241

Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command.

CVSS v3.0 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3.0 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.secureworks.com/research/advisory-2017-001	Third Party Advisory
https://hushcon.com/schedule.html	Not Applicable
https://github.com/lixmk/Concierge	Exploit

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:amag:en-1dbc_firmware:03.60:*:*:*:*:*:*:*

cpe:2.3:h:amag:en-1dbc:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:amag:std_firmware:03.60:*:*:*:*:*:*:*

cpe:2.3:h:amag:std:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:amag:en-2dbc_firmware:03.60:*:*:*:*:*:*:*

cpe:2.3:h:amag:en-2dbc:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:amag:std_firmware:01.00:*:*:*:*:*:*:*

cpe:2.3:h:amag:std:-:*:*:*:*:*:*:*

Information

Published : 2017-12-09 17:29

Updated : 2019-10-02 17:03

NVD link : CVE-2017-16241

Mitre link : CVE-2017-16241

JSON object : View

CWE

CWE-306

Missing Authentication for Critical Function

Advertisement

Products Affected

amag

en-2dbc_firmware
std
std_firmware
en-1dbc
en-1dbc_firmware
en-2dbc

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.secureworks.com/research/advisory-2017-001", "name": "https://www.secureworks.com/research/advisory-2017-001", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://hushcon.com/schedule.html", "name": "https://hushcon.com/schedule.html", "tags": ["Not Applicable"], "refsource": "MISC"}, {"url": "https://github.com/lixmk/Concierge", "name": "https://github.com/lixmk/Concierge", "tags": ["Exploit"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-306"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-16241", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2017-12-10T01:29Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:amag:en-1dbc_firmware:03.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:amag:en-1dbc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:amag:std_firmware:03.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:amag:std:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:amag:en-2dbc_firmware:03.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:amag:en-2dbc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:amag:std_firmware:01.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:amag:std:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-03T00:03Z"}