Vulnerability Details CVE-2017-16786
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.2%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 6.8
References
- http://packetstormsecurity.com/files/145388/Meinberg-LANTIME-Web-Configuration-Utility-6.16.008-Arbitrary-File-Read.html
- http://seclists.org/fulldisclosure/2017/Dec/50
- http://packetstormsecurity.com/files/145388/Meinberg-LANTIME-Web-Configuration-Utility-6.16.008-Arbitrary-File-Read.html
- http://seclists.org/fulldisclosure/2017/Dec/50
Products affected by CVE-2017-16786
-
cpe:2.3:h:meinbergglobal:lantime_m1000:-
-
cpe:2.3:h:meinbergglobal:lantime_m100:-
-
cpe:2.3:h:meinbergglobal:lantime_m200:-
-
cpe:2.3:h:meinbergglobal:lantime_m3000:-
-
cpe:2.3:h:meinbergglobal:lantime_m300:-
-
cpe:2.3:h:meinbergglobal:lantime_m400:-
-
cpe:2.3:h:meinbergglobal:lantime_m500:-
-
cpe:2.3:h:meinbergglobal:lantime_m600:-
-
cpe:2.3:h:meinbergglobal:lantime_m900:-
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.001
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.002
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.003
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.004
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.005
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.006
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.007
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.008
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.009
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.010
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.011
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.17.001
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.17.002
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.17.003
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.17.004
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.17.005
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.17.006
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.17.007
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.17.008
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.001
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.002
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.003
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.004
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.005
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.006
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.007
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.008
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.009
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.010
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.011
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.012
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.013
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.014
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.015
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.016
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.017
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.018
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.19.001
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.19.002
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.19.003
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.19.004
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.19.005
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.001
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.002
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.003
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.004
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.005
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.006
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.007
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.008
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.009
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.010
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.011
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.012
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.013
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.014
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.015
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.016
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.017
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.018
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.019
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.020
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.021
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.022
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.023
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.22.001
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.22.002
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.22.003
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.22.004
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.22.005
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.22.006
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.24.001
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.24.002
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.24.003