CVE-2017-5592 — MEDIUM (5.9)

Vulnerability Description

An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0).

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Profanity Project	Profanity	0.4.7

Related Weaknesses (CWE)

CWE-20 CWE-346

References

http://openwall.com/lists/oss-security/2017/02/09/29ExploitMailing ListThird Party Advisory
http://www.securityfocus.com/bid/96173Third Party AdvisoryVDB Entry
https://github.com/boothj5/profanity/commit/8e75437a7e43d4c55e861691f74892e666e2Patch
https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/ExploitTechnical DescriptionThird Party Advisory
https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdExploitTechnical DescriptionThird Party Advisory
http://openwall.com/lists/oss-security/2017/02/09/29ExploitMailing ListThird Party Advisory
http://www.securityfocus.com/bid/96173Third Party AdvisoryVDB Entry
https://github.com/boothj5/profanity/commit/8e75437a7e43d4c55e861691f74892e666e2Patch
https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/ExploitTechnical DescriptionThird Party Advisory
https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdExploitTechnical DescriptionThird Party Advisory

FAQ

What is CVE-2017-5592?

CVE-2017-5592 is a vulnerability with a CVSS score of 5.9 (MEDIUM). An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This ...

How severe is CVE-2017-5592?

CVE-2017-5592 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-5592?

Check the references section above for vendor advisories and patch information. Affected products include: Profanity Project Profanity.