CVE-2017-16544
Published at:
-
20-11-2017 04:29
Last modified:
-
20-06-2022 09:15
Total changes:
-
13
Description
Common Vulnerability Scoring System (CVSS)
Low
Attack complexity
Network
Attack vector
High
Availability
High
Confidentiality
High
Integrity
Low
Privileges required
Unchanged
Scope
None
User interaction
8.8
Base score
2.8
5.9
Exploitability score
Impact score
Verification logic
Reference
- https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
- https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
- [debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update-Mailing List, Third Party Advisory
- USN-3935-1-Third Party Advisory
- 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series-Exploit, Mailing List, Third Party Advisory
- 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series-Exploit, Mailing List, Third Party Advisory
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X-Exploit, Mailing List, Third Party Advisory
- 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X-Exploit, Mailing List, Third Party Advisory
- http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
- http://www.vmware.com/security/advisories/VMSA-2019-0013.html
- http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html
- 20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client-Exploit, Mailing List, Third Party Advisory
- 20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S-Exploit, Mailing List, Third Party Advisory
- https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01
- 20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W-Exploit, Mailing List, Third Party Advisory
- 20210113 SEC Consult SA-20210113-0 :: Multiple vulnerabilities in Pepperl+Fuchs IO-Link Master Series-Exploit, Mailing List, Third Party Advisory
- [debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update-Mailing List, Third Party Advisory
- 20210819 SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series-Exploit, Mailing List, Third Party Advisory
- 20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series-
- http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
Keywords