1. Home
  2. CVE Database
  3. CVE-2017-20025
HIGH · 7.3

CVE-2017-20025

A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipul...

Vulnerability Description

A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.

CVSS Score

7.3

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
Solar-LogSolar-Log 250 Firmware2.8.4-56
Solar-LogSolar-Log 250-
Solar-LogSolar-Log 300 Firmware2.8.4-56
Solar-LogSolar-Log 300-
Solar-LogSolar-Log 500 Firmware2.8.4-56
Solar-LogSolar-Log 500-
Solar-LogSolar-Log 800E Firmware2.8.4-56
Solar-LogSolar-Log 800E-
Solar-LogSolar-Log 1000 Firmware2.8.4-56
Solar-LogSolar-Log 1000-
Solar-LogSolar-Log 1000 Pm\+ Firmware2.8.4-56
Solar-LogSolar-Log 1000 Pm\+-
Solar-LogSolar-Log 1200 Firmware2.8.4-56
Solar-LogSolar-Log 1200-
Solar-LogSolar-Log 2000 Firmware2.8.4-56
Solar-LogSolar-Log 2000-

Related Weaknesses (CWE)

CWE-269

References

FAQ

What is CVE-2017-20025?

CVE-2017-20025 is a vulnerability with a CVSS score of 7.3 (HIGH). A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipul...

How severe is CVE-2017-20025?

CVE-2017-20025 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-20025?

Check the references section above for vendor advisories and patch information. Affected products include: Solar-Log Solar-Log 250 Firmware, Solar-Log Solar-Log 250, Solar-Log Solar-Log 300 Firmware, Solar-Log Solar-Log 300, Solar-Log Solar-Log 500 Firmware.