CVE-2017-18923

Published Jul 29, 2020

Last updated 4 years ago

CVSS high 7.5

Overview

Description: beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-74

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:beronet:bf16001e1box:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "92542C47-7C84-497E-B008-CFEFF1F5808C"
          },
          {
            "criteria": "cpe:2.3:h:beronet:bf16001t1box:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "41923990-1DFB-4DC3-90AD-E8B4903D6E20"
          },
          {
            "criteria": "cpe:2.3:h:beronet:bf4001e1box:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E26F9826-BF11-4BEC-ADCD-56E117E61B2E"
          },
          {
            "criteria": "cpe:2.3:h:beronet:bf4001t1box:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A1ED34D1-80E7-47CD-A48C-4E68260E788F"
          },
          {
            "criteria": "cpe:2.3:h:beronet:bf64002e1box:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A48CDAAE-0B32-4B4A-933A-F4295E99B9D0"
          },
          {
            "criteria": "cpe:2.3:h:beronet:bf64002t1box:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2D617773-71E4-4FB8-8B73-DE9619BD6C63"
          },
          {
            "criteria": "cpe:2.3:h:beronet:bfsb1s0:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9A187A2F-7D37-41D5-9BF1-A46837DC61CD"
          },
          {
            "criteria": "cpe:2.3:h:beronet:bfsb2hy:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "67D346B0-8AD2-4EE6-A2EC-F09ACFC1D153"
          },
          {
            "criteria": "cpe:2.3:h:beronet:bfsb2s0:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2010A08A-9C0D-4F11-BEA9-AA0900911E64"
          },
          {
            "criteria": "cpe:2.3:h:beronet:bfsb2s02xo:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "291EE6F7-5B9C-47F6-A282-0A6CDC4D729E"
          },
          {
            "criteria": "cpe:2.3:h:beronet:bfsb4xo:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BA29D448-F80E-411E-94B9-DB5D8991F3D1"
          },
          {
            "criteria": "cpe:2.3:h:beronet:bfsb4xo4xs:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D16E8732-AA00-4662-9DEF-2433110F8B99"
          },
          {
            "criteria": "cpe:2.3:h:beronet:bfsb4xs:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "20051927-AFE0-42E1-A8A8-89E651786A5D"
          },
          {
            "criteria": "cpe:2.3:h:beronet:bn16fxsfax_b:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9989C947-95C8-4B2E-9ACF-297E985002C0"
          },
          {
            "criteria": "cpe:2.3:h:beronet:bn16fxsfax_c:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4E167633-77E9-44E4-B5B5-ECCC3C0FABA4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:beronet:voice_over_internet_protocol_gateways_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A52452B-5C05-4FBB-B74B-8C67308622E2",
            "versionEndExcluding": "3.0.16",
            "versionStartIncluding": "2.0.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References