CVE-2017-9387

CVSS V2 Low 3.5 CVSS V3 Medium 5.4
Description
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called relay.sh which is used for creating new SSH relays for the device so that the device connects to Vera servers. All the parameters passed in this specific script are logged to a log file called log.relay in the /tmp folder. The user can also read all the log files from the device using a script called log.sh. However, when the script loads the log files it displays them with content-type text/html and passes all the logs through the ansi2html binary which converts all the character text including HTML meta-characters correctly to be displayed in the browser. This allows an attacker to use the log files as a storing mechanism for the XSS payload and thus whenever a user navigates to that log.sh script, it enables the XSS payload and allows an attacker to execute his malicious payload on the user's browser.
Overview
  • CVE ID
  • CVE-2017-9387
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2019-06-17T20:15:09
  • Last Modified Date
  • 2019-06-20T14:27:19
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:getvera:veraedge_firmware:*:*:*:*:*:*:*:* 1 OR 1.7.19
cpe:2.3:h:getvera:veraedge:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:getvera:veralite_firmware:*:*:*:*:*:*:*:* 1 OR 1.7.481
cpe:2.3:h:getvera:veralite:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:S/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • SINGLE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 3.5
  • Severity
  • LOW
  • Exploitability Score
  • 6.8
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.0
  • Vector String
  • CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • LOW
  • User Interaction
  • REQUIRED
  • Scope
  • CHANGED
  • Confidentiality Impact
  • LOW
  • Availability Impact
  • NONE
  • Base Score
  • 5.4
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 2.3
  • Impact Score
  • 2.7
References
Reference URL Reference Tags
https://seclists.org/bugtraq/2019/Jun/8 Mailing List Third Party Advisory
https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Vera_sec_issues.pdf Exploit Third Party Advisory
History
Created Old Value New Value Data Type Notes
2022-05-10 07:49:53 Added to TrackCVE
2022-12-03 22:11:07 2019-06-17T20:15Z 2019-06-17T20:15:09 CVE Published Date updated
2022-12-03 22:11:07 2019-06-20T14:27:19 CVE Modified Date updated
2022-12-03 22:11:07 Analyzed Vulnerability Status updated