CVE-2017-9133 - Vulnerability Details - OpenCVE

An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which host to ping, but this variable is not sanitized server-side, which allows an attacker to pass a specially crafted string to execute shell commands as the root user.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mimosa	Backhaul Radios Client Radios

Configuration 1 [-]

OR	cpe:2.3:o:mimosa:backhaul_radios::::::::
	cpe:2.3:o:mimosa:client_radios::::::::

No data.

References

Link	Providers
http://blog.iancaling.com/post/160596244178

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-05-21T21:00:00

Updated: 2024-08-05T16:55:22.367Z

Reserved: 2017-05-21T00:00:00

Link: CVE-2017-9133

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-05-21T21:29:00.253

Modified: 2024-11-21T03:35:23.847

Link: CVE-2017-9133

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-05-21T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which host to ping, but this variable is not sanitized server-side, which allows an attacker to pass a specially crafted string to execute shell commands as the root user."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-05-21T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://blog.iancaling.com/post/160596244178"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9133", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which host to ping, but this variable is not sanitized server-side, which allows an attacker to pass a specially crafted string to execute shell commands as the root user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://blog.iancaling.com/post/160596244178", "refsource": "MISC", "url": "http://blog.iancaling.com/post/160596244178"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T16:55:22.367Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.iancaling.com/post/160596244178"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9133", "datePublished": "2017-05-21T21:00:00", "dateReserved": "2017-05-21T00:00:00", "dateUpdated": "2024-08-05T16:55:22.367Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mimosa:backhaul_radios:*:*:*:*:*:*:*:*", "matchCriteriaId": "F469E35D-A0BC-4E8D-8CD6-F5BF223F7823", "versionEndIncluding": "2.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:mimosa:client_radios:*:*:*:*:*:*:*:*", "matchCriteriaId": "30E63E47-17AF-470D-8C30-19FAE29B1828", "versionEndIncluding": "2.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which host to ping, but this variable is not sanitized server-side, which allows an attacker to pass a specially crafted string to execute shell commands as the root user."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Mimosa Client Radios anterior a versi\u00f3n 2.2.3 y Mimosa Backhaul Radios anterior a versi\u00f3n 2.2.3. En la interfaz web del dispositivo, despu\u00e9s de iniciar sesi\u00f3n, existe una p\u00e1gina que permite hacer ping a otros hosts desde el dispositivo y visualizar los resultados. El usuario puede especificar a qu\u00e9 host hacer ping, pero esta variable no est\u00e1 saneada del lado del servidor, lo que permite a un atacante pasar una cadena especialmente dise\u00f1ada para ejecutar comandos de shell como usuario root."}], "id": "CVE-2017-9133", "lastModified": "2024-11-21T03:35:23.847", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-21T21:29:00.253", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://blog.iancaling.com/post/160596244178"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://blog.iancaling.com/post/160596244178"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}