Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS.

Summary
Title: ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities

Information
Name: VU#355151
Vendor: VU-CERT
Severity (Vendor): N/A
First vendor publication: 2017-03-07
Last vendor modification: 2017-03-07
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: N/A
Base Score: N/A
Environmental Score: N/A
Impact Sub Score: N/A
Temporal Score: N/A
Exploitability Sub Score: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Base Score: 10
CVSS Impact Score: 10
CVSS Exploit Score: 10
Attack Range: Network
Attack Complexity: Low
Authentication: None Required

Detail

Vulnerability Note VU#355151

ACTi cameras models from the D, B, I, and E series contain multiple security vulnerabilities

Original Release date: 07 Mar 2017 | Last revised: 07 Mar 2017

Overview

According to the reporter, ACTi devices including D, B, I, and E series models using firmware version A1D-500-V6.11.31-AC are vulnerable to several issues.

Description

According to the reporter, multiple ACTi devices, including the D, B, I, and E series models, that use firmware version A1D-500-V6.11.31-AC are vulnerable to several issues. Other models may be affected.

CWE-306: Missing Authentication for Critical Function - CVE-2017-3184

The issue is due to the device failing to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186).

CWE-598: Information Exposure Through Query Strings in GET Request - CVE-2017-3185

The web application uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources.

CWE-521: Weak Password Requirements - CVE-2017-3186

The device uses non-random default credentials that are the same across all devices. A remote attacker can take complete control of a device using the default admin credentials.
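The two web-facing issues above (the unauthenticated factory-reset page, CVE-2017-3184, and credentials carried in GET query strings, CVE-2017-3185) both leave traces in an ordinary web-server access log, so a defender who cannot patch can at least watch for them. The following script is an added example written for this page, not code from CERT/CC, Qualys or ACTi. It parses access log lines in the common log format, flags any request for the factory-reset path named in the advisory where the log's authuser field is "-" (no authenticated user), and flags GET requests whose query string carries credential-looking parameter names. The advisory names no parameter names, so the set `CREDENTIAL_PARAMS` and the sample log lines are assumptions constructed for the example; findings report parameter names only, never their values, so the alert itself does not re-expose a password.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Path of the factory-reset page named in the advisory (CVE-2017-3184).
RESET_PATH = "/setup/setup_maintain_firmware-default.html"

# Hypothetical credential parameter names (assumption: the advisory names none).
CREDENTIAL_PARAMS = {"user", "username", "pwd", "password", "passwd"}

# Common log format: host ident authuser [time] "method target proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<authuser>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3}) \S+$'
)

# Constructed sample log lines for the example; not captured from a real device.
SAMPLE_LOG = """\
198.51.100.7 - - [07/Mar/2017:10:15:01 +0000] "GET /setup/setup_maintain_firmware-default.html HTTP/1.1" 200 512
198.51.100.7 - - [07/Mar/2017:10:15:09 +0000] "GET /login.cgi?user=admin&pwd=123456 HTTP/1.1" 200 210
198.51.100.9 - - [07/Mar/2017:10:16:30 +0000] "GET /index.html HTTP/1.1" 200 1024
198.51.100.9 - admin [07/Mar/2017:10:17:02 +0000] "GET /setup/setup_maintain_firmware-default.html HTTP/1.1" 200 512
"""


def parse_line(line):
    """Parse one common-log-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    parts = urlsplit(entry["target"])
    entry["path"] = parts.path
    # Query parameter names and values; only names are ever reported.
    entry["query"] = parse_qs(parts.query, keep_blank_values=True)
    return entry


def classify(entry):
    """Return a list of finding labels for a parsed log entry (empty if nothing is suspicious)."""
    findings = []
    if entry["path"] == RESET_PATH:
        # CVE-2017-3184: the reset page should never be reachable without authentication.
        if entry["authuser"] == "-":
            findings.append("unauthenticated-factory-reset-access")
        else:
            findings.append("factory-reset-access")
    if entry["method"] == "GET":
        # CVE-2017-3185 / CWE-598: credential names in a GET query string end up in logs and history.
        leaked = sorted(k for k in entry["query"] if k.lower() in CREDENTIAL_PARAMS)
        if leaked:
            findings.append("credentials-in-query:" + ",".join(leaked))
    return findings


def scan(log_text):
    """Scan a block of log text; return (ip, timestamp, finding) tuples in log order."""
    results = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for finding in classify(entry):
            results.append((entry["ip"], entry["ts"], finding))
    return results


if __name__ == "__main__":
    for ip, ts, finding in scan(SAMPLE_LOG):
        print(f"{ts} {ip} {finding}")
```

Run against a real log, the output for the sample above would show the unauthenticated reset-page hit and a `credentials-in-query:pwd,user` line for the login request; the authenticated reset-page request is still reported, at lower priority, because a factory reset is a significant event either way. If the device does not populate the authuser field, the "unauthenticated" distinction cannot be made from the log alone and every reset-page hit should be treated as the higher-priority case.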

For more information, please read the researcher's security advisory.

Impact

A remote unauthenticated attacker may be able to perform a factory reset of the device, gain access to sensitive information such as user account name or password, or utilize a known default root admin credential across all devices.

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Vendor Information

Vendor            Status    Date Notified  Date Updated
ACTi Corporation  Affected  20 Jan 2017    07 Mar 2017

CVSS Metrics

Group          Score  Vector
Base           10.0   AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal       8.5    E:POC/RL:U/RC:UR
Environmental  6.4    CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • http://www.acti.com/
  • https://cwe.mitre.org/data/definitions/306.html
  • https://cwe.mitre.org/data/definitions/521.html
  • https://cwe.mitre.org/data/definitions/598.html

Credit

Thanks to Mandar Jadhav of the Qualys Vulnerability Signature/Research Team for reporting these vulnerabilities.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs: CVE-2017-3184, CVE-2017-3185, CVE-2017-3186
  • Date Public: 07 Mar 2017
  • Date First Published: 07 Mar 2017
  • Date Last Updated: 07 Mar 2017
  • Document Revision: 23

Original Source

Url : http://www.kb.cert.org/vuls/id/355151

CWE : Common Weakness Enumeration

  %     Id       Name
  67 %  CWE-798  Use of Hard-coded Credentials (CWE/SANS Top 25)
  33 %  CWE-200  Information Exposure

CPE : Common Platform Enumeration

Type  Description  Count
Os                 1

Alert History

Date                 Information
2018-01-02 21:24:25  Multiple Updates
2017-12-16 09:23:30  Multiple Updates
2017-03-07 21:21:40  First insertion