8.1 - CVE-2017-3217

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2017-3217	First vendor Publication	2018-07-24
Vendor	Cve	Last vendor Modification	2019-10-09

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score	8.1
Base Score	8.1	Environmental Score	8.1
impact SubScore	5.9	Temporal Score	8.1
Exploitabality Sub Score	2.2

Attack Vector	Network	Attack Complexity	High
Privileges Required	None	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text message) interface that can be deployed where no password is configured for this interface by the integrator / reseller. This interface must be password protected, otherwise, the attacker only needs to know the phone number of the device (via an IMSI Catcher, for example) to send administrative commands to the device. These commands can be used to provide ongoing, real-time access to the device and can configure parameters such as IP addresses, firewall rules, and passwords.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3217

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-306	Missing Authentication for Critical Function (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Os	Calamp Lmu 3030 Cdma Firmware cpe:2.3:o:calamp:lmu_3030_cdma_firmware:-:::::::*	1
Os	Calamp Lmu 3030 Gsm Firmware cpe:2.3:o:calamp:lmu_3030_gsm_firmware:-:::::::*	1
Os	Calamp Lmu 3030 Obd-Ii Firmware cpe:2.3:o:calamp:lmu_3030_obd-ii_firmware:-:::::::*	1

Sources (Detail)

Source	Url
BID	https://www.securityfocus.com/bid/98964
CERT-VN	https://www.kb.cert.org/vuls/id/251927

Alert History

If you want to see full details history, please login or register.

Date	Informations
2020-05-23 01:00:17	Multiple Updates
2019-10-10 05:19:57	Multiple Updates
2018-10-05 17:19:30	Multiple Updates
2018-07-24 21:19:44	First insertion

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	3
Sources(s)	2

	Related
9.3	VU#251927
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)