CVE-2017-17023 - Vulnerability Details - OpenCVE

The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ncp-e	Ncp Secure Entry Client
Sophos	Ipsec Client

Configuration 1 [-]

OR	cpe:2.3:a:ncp-e:ncp_secure_entry_client:10.11:32792::::windows::*
	cpe:2.3:a:sophos:ipsec_client:11.04:::::::*

No data.

References

Link	Providers
https://www.ncp-e.com/en/resources/download-vpn-client/#c8680
https://www.ncp-e.com/fileadmin/pdf/service_support/release_notes/NCP_Secure_Clients/NCP_Secure_Entry_Client/NCP_RN_Win_Secure_Entry_Client_11_14_r42039_en.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-04-09T17:13:22

Updated: 2024-08-05T20:43:59.583Z

Reserved: 2017-11-27T00:00:00

Link: CVE-2017-17023

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-04-09T18:29:00.280

Modified: 2024-11-21T03:17:21.933

Link: CVE-2017-17023

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-12-01T00:00:00", "descriptions": [{"lang": "en", "value": "The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, \"Sophos IPSec Client\" 11.04 is a rebranded version of NCP \"Secure Entry Client\" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-09T17:13:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.ncp-e.com/en/resources/download-vpn-client/#c8680"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.ncp-e.com/fileadmin/pdf/service_support/release_notes/NCP_Secure_Clients/NCP_Secure_Entry_Client/NCP_RN_Win_Secure_Entry_Client_11_14_r42039_en.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17023", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, \"Sophos IPSec Client\" 11.04 is a rebranded version of NCP \"Secure Entry Client\" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.ncp-e.com/en/resources/download-vpn-client/#c8680", "refsource": "MISC", "url": "https://www.ncp-e.com/en/resources/download-vpn-client/#c8680"}, {"name": "https://www.ncp-e.com/fileadmin/pdf/service_support/release_notes/NCP_Secure_Clients/NCP_Secure_Entry_Client/NCP_RN_Win_Secure_Entry_Client_11_14_r42039_en.pdf", "refsource": "CONFIRM", "url": "https://www.ncp-e.com/fileadmin/pdf/service_support/release_notes/NCP_Secure_Clients/NCP_Secure_Entry_Client/NCP_RN_Win_Secure_Entry_Client_11_14_r42039_en.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:43:59.583Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.ncp-e.com/en/resources/download-vpn-client/#c8680"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ncp-e.com/fileadmin/pdf/service_support/release_notes/NCP_Secure_Clients/NCP_Secure_Entry_Client/NCP_RN_Win_Secure_Entry_Client_11_14_r42039_en.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17023", "datePublished": "2019-04-09T17:13:22", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-08-05T20:43:59.583Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ncp-e:ncp_secure_entry_client:10.11:32792:*:*:*:windows:*:*", "matchCriteriaId": "C3154F49-4D0F-46DF-B81F-59F4A24A8790", "vulnerable": true}, {"criteria": "cpe:2.3:a:sophos:ipsec_client:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "0A81C85C-AD5F-4A7E-8E12-2B396AFCDEC8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, \"Sophos IPSec Client\" 11.04 is a rebranded version of NCP \"Secure Entry Client\" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it."}, {"lang": "es", "value": "El Endpoint UTM VPN de Sophos interact\u00faa con el software de cliente proporcionado por NPC Engineering (www.ncp-e.com). El software cliente afectado, \"Sophos IPSec Client\" versi\u00f3n 11.04 es una versi\u00f3n rebautizada de NCP \"Secure Entry Client\" versi\u00f3n 10.11 r32792. Una vulnerabilidad en la funci\u00f3n software update del cliente VPN permite que un atacante man-in-the-middle (MITM) o man-on-the-side (MOTS) ejecute software malicioso y arbitrario en el equipo de un usuario de destino. Esto est\u00e1 relacionado con SIC_V versi\u00f3n 11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP) y ncpmon.exe (tanto Sophos como NCP). La vulnerabilidad existe porque: (1) el cliente VPN solicita metadatos de actualizaci\u00f3n por medio de una conexi\u00f3n HTTP no segura; y (2) el software cliente no comprueba si la actualizaci\u00f3n de software est\u00e1 firmada previo a ejecutarla."}], "id": "CVE-2017-17023", "lastModified": "2024-11-21T03:17:21.933", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-09T18:29:00.280", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.ncp-e.com/en/resources/download-vpn-client/#c8680"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.ncp-e.com/fileadmin/pdf/service_support/release_notes/NCP_Secure_Clients/NCP_Secure_Entry_Client/NCP_RN_Win_Secure_Entry_Client_11_14_r42039_en.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ncp-e.com/en/resources/download-vpn-client/#c8680"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ncp-e.com/fileadmin/pdf/service_support/release_notes/NCP_Secure_Clients/NCP_Secure_Entry_Client/NCP_RN_Win_Secure_Entry_Client_11_14_r42039_en.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "nvd@nist.gov", "type": "Primary"}]}