CVE-2017-14009

{"id": "CVE-2017-14009", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2017-10-17T22:29:00.323", "references": [{"url": "http://www.securityfocus.com/bid/101259", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An Information Exposure issue was discovered in ProMinent MultiFLEX M10a Controller web interface. When an authenticated user uses the Change Password feature on the application, the current password for the user is specified in plaintext. This may allow an attacker who has been authenticated to gain access to the password."}, {"lang": "es", "value": "Un problema de divulgaci\u00f3n de informaci\u00f3n se ha descubierto en la interfaz web de ProMinent MultiFLEX M10a Controller. Cuando un usuario autenticado usa la caracter\u00edstica Change Password en la aplicaci\u00f3n, la contrase\u00f1a actual para el usuario se especifica en texto plano. Esto podr\u00eda permitir que un atacante que se haya autenticado obtenga acceso a la contrase\u00f1a."}], "lastModified": "2019-10-09T23:23:43.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:prominent:multiflex_m10a_controller_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD9BF155-29F4-45CD-8F53-957AAB24FA2C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:prominent:multiflex_m10a_controller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C3AFF952-BF09-4A00-934A-F03D49D95E97"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}