CVE-2017-16241

Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/lixmk/Concierge	Exploit
https://hushcon.com/schedule.html	Not Applicable
https://www.secureworks.com/research/advisory-2017-001	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:amag:en-1dbc_firmware:03.60:*:*:*:*:*:*:*

cpe:2.3:h:amag:en-1dbc:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:amag:std_firmware:03.60:*:*:*:*:*:*:*

cpe:2.3:h:amag:std:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:amag:en-2dbc_firmware:03.60:*:*:*:*:*:*:*

cpe:2.3:h:amag:en-2dbc:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:amag:std_firmware:01.00:*:*:*:*:*:*:*

cpe:2.3:h:amag:std:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-12-10 01:29

Updated : 2023-12-10 12:15

NVD link : CVE-2017-16241

Mitre link : CVE-2017-16241

CVE.ORG link : CVE-2017-16241

JSON object : View

Products Affected

amag

std
std_firmware
en-2dbc_firmware
en-1dbc
en-1dbc_firmware
en-2dbc

CWE

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2017-16241", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-12-10T01:29:00.190", "references": [{"url": "https://github.com/lixmk/Concierge", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://hushcon.com/schedule.html", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "https://www.secureworks.com/research/advisory-2017-001", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command."}, {"lang": "es", "value": "El control de acceso incorrecto en AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 y STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 y STD App 2461 01.00) permite que atacantes remotos ejecuten comandos de controlador de puertas (por ejemplo, lock, unlock, add ID card value) mediante el env\u00edo de peticiones no autenticadas a los dispositivos afectados mediante Serial por TCP/IP, tal y como demuestra un comando Ud."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:amag:en-1dbc_firmware:03.60:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46B31B9E-2F5F-4906-B9BD-944AA8C7326C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:amag:en-1dbc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "549C9CA6-CB0A-476C-B8FF-5FA011DDB3CA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:amag:std_firmware:03.60:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEDC2299-8EDC-4DDB-9CB3-6B0C0695B834"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:amag:std:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "38ACC405-3471-408A-ADAB-86AF96664FAD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:amag:en-2dbc_firmware:03.60:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BDAF16C-D1E0-4EDA-A7B4-F8D79C17B640"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:amag:en-2dbc:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "80A5D338-FFFC-41BF-9DD6-D41BB3A451CA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:amag:std_firmware:01.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4353787-C479-406C-B645-2124922DA7EC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:amag:std:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "38ACC405-3471-408A-ADAB-86AF96664FAD"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}