CVE-2017-14021 — CRITICAL (9.8)

Vulnerability Description

A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Korenix	Jetnet5018G Firmware	1.4
Korenix	Jetnet 5018G	-
Korenix	Jetnet5310G Firmware	1.4a
Korenix	Jetnet 5310G	-
Korenix	Jetnet5428G-2G-2Fx Firmware	1.4
Korenix	Jetnet 5428G-2G-2Fx	-
Korenix	Jetnet5628G Firmware	1.4
Korenix	Jetnet 5628G	-
Korenix	Jetnet5628G-R Firmware	1.4
Korenix	Jetnet 5628G-R	-
Korenix	Jetnet5728G-24P Firmware	1.4
Korenix	Jetnet 5728G-24P	-
Korenix	Jetnet5828G Firmware	1.1d
Korenix	Jetnet 5828G	-
Korenix	Jetnet6710G Firmware	1.1
Korenix	Jetnet 6710G	-
Korenix	Jetnet6710G-Hvdc Firmware	11e
Korenix	Jetnet 6710G-Hvdc	-

Related Weaknesses (CWE)

CWE-321 CWE-798

References

http://www.securityfocus.com/bid/101598Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/101598Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2017-14021?

CVE-2017-14021 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G v...

How severe is CVE-2017-14021?

CVE-2017-14021 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-14021?

Check the references section above for vendor advisories and patch information. Affected products include: Korenix Jetnet5018G Firmware, Korenix Jetnet 5018G, Korenix Jetnet5310G Firmware, Korenix Jetnet 5310G, Korenix Jetnet5428G-2G-2Fx Firmware.