CVE-2017-20023
Summary
| CVE | CVE-2017-20023 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-06-09 23:15:00 UTC |
| Updated | 2022-06-17 19:12:00 UTC |
| Description | A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Solar-log | Solar-log 1000 | - | All | All | All |
| Operating System | Solar-log | Solar-log 1000 Firmware | 2.8.4-56 | All | All | All |
| Operating System | Solar-log | Solar-log 1000 Firmware | 3.5.2-85 | All | All | All |
| Hardware | Solar-log | Solar-log 1000 Pm | - | All | All | All |
| Operating System | Solar-log | Solar-log 1000 Pm Firmware | 2.8.4-56 | All | All | All |
| Operating System | Solar-log | Solar-log 1000 Pm Firmware | 3.5.2-85 | All | All | All |
| Hardware | Solar-log | Solar-log 1200 | - | All | All | All |
| Operating System | Solar-log | Solar-log 1200 Firmware | 2.8.4-56 | All | All | All |
| Operating System | Solar-log | Solar-log 1200 Firmware | 3.5.2-85 | All | All | All |
| Hardware | Solar-log | Solar-log 2000 | - | All | All | All |
| Operating System | Solar-log | Solar-log 2000 Firmware | 2.8.4-56 | All | All | All |
| Operating System | Solar-log | Solar-log 2000 Firmware | 3.5.2-85 | All | All | All |
| Hardware | Solar-log | Solar-log 250 | - | All | All | All |
| Operating System | Solar-log | Solar-log 250 Firmware | 2.8.4-56 | All | All | All |
| Operating System | Solar-log | Solar-log 250 Firmware | 3.5.2-85 | All | All | All |
| Hardware | Solar-log | Solar-log 300 | - | All | All | All |
| Operating System | Solar-log | Solar-log 300 Firmware | 2.8.4-56 | All | All | All |
| Operating System | Solar-log | Solar-log 300 Firmware | 3.5.2-85 | All | All | All |
| Hardware | Solar-log | Solar-log 500 | - | All | All | All |
| Operating System | Solar-log | Solar-log 500 Firmware | 2.8.4-56 | All | All | All |
| Operating System | Solar-log | Solar-log 500 Firmware | 3.5.2-85 | All | All | All |
| Hardware | Solar-log | Solar-log 800e | - | All | All | All |
| Operating System | Solar-log | Solar-log 800e Firmware | 2.8.4-56 | All | All | All |
| Operating System | Solar-log | Solar-log 800e Firmware | 3.5.2-85 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Full Disclosure: SEC Consult SA-20170322-0 :: Multiple vulnerabilities in Solare Datensysteme Solar-Log devices | MISC | seclists.org | |
| CVE-2017-20023 | Solare Solar-Log Network Config privileges management | MISC | vuldb.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.