CVE-2017-6911

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://seclists.org/fulldisclosure/2017/Mar/43", "name": "20170316 USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "FULLDISC"}, {"url": "http://packetstormsecurity.com/files/141651/USB-Pratirodh-Insecure-Password-Storage.html", "name": "http://packetstormsecurity.com/files/141651/USB-Pratirodh-Insecure-Password-Storage.html", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/96970", "name": "96970", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.securityfocus.com/archive/1/540289/100/0/threaded", "name": "20170316 CVE-2017-6911: USB Pratirodh Insecure Password Storage Information Disclosure Vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such as username and password in simple usb.xml. An attacker with physical access to the system can modify the file according his own requirements that may aid in further attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-922"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-6911", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "acInsufInfo": true, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}}, "publishedDate": "2017-03-23T20:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:usb_pratirodh_project:usb_pratirodh:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-03T00:03Z"}