Vulnerability Description
An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Loytec | Lvis-3Me Firmware | <= 6.1.1 |
| Loytec | Lvis-3Me | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100847Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/100847Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-13992?
CVE-2017-13992 is a vulnerability with a CVSS score of 8.1 (HIGH). An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mec...
How severe is CVE-2017-13992?
CVE-2017-13992 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-13992?
Check the references section above for vendor advisories and patch information. Affected products include: Loytec Lvis-3Me Firmware, Loytec Lvis-3Me.