CVE-2017-16241
CVSS V2 Medium 5
CVSS V3 High 7.5
Description
Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command.
Overview
- CVE ID
- CVE-2017-16241
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2017-12-10T01:29:00
- Last Modified Date
- 2019-10-03T00:03:26
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:o:amag:en-1dbc_firmware:03.60:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:amag:en-1dbc:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:amag:std_firmware:03.60:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:amag:std:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:amag:en-2dbc_firmware:03.60:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:amag:en-2dbc:-:*:*:*:*:*:*:* | 0 | OR | ||
| AND | ||||
| cpe:2.3:o:amag:std_firmware:01.00:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:amag:std:-:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:N/I:P/A:N
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- NONE
- Integrity Impact
- PARTIAL
- Availability Impact
- NONE
- Base Score
- 5
- Severity
- MEDIUM
- Exploitability Score
- 10
- Impact Score
- 2.9
CVSS Version 3
- Version
- 3.0
- Vector String
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- NONE
- Availability Impact
- NONE
- Base Score
- 7.5
- Base Severity
- HIGH
- Exploitability Score
- 3.9
- Impact Score
- 3.6
References
| Reference URL | Reference Tags |
|---|---|
| https://www.secureworks.com/research/advisory-2017-001 | Third Party Advisory |
| https://hushcon.com/schedule.html | Not Applicable |
| https://github.com/lixmk/Concierge | Exploit |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2017-16241 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16241 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 17:23:36 | Added to TrackCVE | |||
| 2022-12-02 23:52:02 | 2017-12-10T01:29Z | 2017-12-10T01:29:00 | CVE Published Date | updated |
| 2022-12-02 23:52:02 | 2019-10-03T00:03:26 | CVE Modified Date | updated | |
| 2022-12-02 23:52:02 | Analyzed | Vulnerability Status | updated |