MEDIUM · 6.3

CVE-2017-20023

Vulnerability Description

A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.

CVSS Score

6.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: LOW
Integrity: LOW
Availability: LOW

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Solar-Log | Solar-Log 250 Firmware | 2.8.4-56 |
| Solar-Log | Solar-Log 250 | - |
| Solar-Log | Solar-Log 300 Firmware | 2.8.4-56 |
| Solar-Log | Solar-Log 300 | - |
| Solar-Log | Solar-Log 500 Firmware | 2.8.4-56 |
| Solar-Log | Solar-Log 500 | - |
| Solar-Log | Solar-Log 800E Firmware | 2.8.4-56 |
| Solar-Log | Solar-Log 800E | - |
| Solar-Log | Solar-Log 1000 Firmware | 2.8.4-56 |
| Solar-Log | Solar-Log 1000 | - |
| Solar-Log | Solar-Log 1000 Pm+ Firmware | 2.8.4-56 |
| Solar-Log | Solar-Log 1000 Pm+ | - |
| Solar-Log | Solar-Log 1200 Firmware | 2.8.4-56 |
| Solar-Log | Solar-Log 1200 | - |
| Solar-Log | Solar-Log 2000 Firmware | 2.8.4-56 |
| Solar-Log | Solar-Log 2000 | - |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2017-20023?

CVE-2017-20023 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privil...

How severe is CVE-2017-20023?

CVE-2017-20023 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2017-20023?

Check the references section above for vendor advisories and patch information. Affected products include: Solar-Log Solar-Log 250 Firmware, Solar-Log Solar-Log 250, Solar-Log Solar-Log 300 Firmware, Solar-Log Solar-Log 300, Solar-Log Solar-Log 500 Firmware.