CVE-2017-9387 — MEDIUM (5.4)

Q: How severe is CVE-2017-9387?

CVE-2017-9387 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-9387?

Check the references section above for vendor advisories and patch information. Affected products include: Getvera Veraedge Firmware, Getvera Veraedge, Getvera Veralite Firmware, Getvera Veralite.

Vulnerability Description

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called relay.sh which is used for creating new SSH relays for the device so that the device connects to Vera servers. All the parameters passed in this specific script are logged to a log file called log.relay in the /tmp folder. The user can also read all the log files from the device using a script called log.sh. However, when the script loads the log files it displays them with content-type text/html and passes all the logs through the ansi2html binary which converts all the character text including HTML meta-characters correctly to be displayed in the browser. This allows an attacker to use the log files as a storing mechanism for the XSS payload and thus whenever a user navigates to that log.sh script, it enables the XSS payload and allows an attacker to execute his malicious payload on the user's browser.

CVSS Score

5.4

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Getvera	Veraedge Firmware	<= 1.7.19
Getvera	Veraedge	-
Getvera	Veralite Firmware	<= 1.7.481
Getvera	Veralite	-

Related Weaknesses (CWE)

CWE-79

References

https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Vera_sec_issues.pdExploitThird Party Advisory
https://seclists.org/bugtraq/2019/Jun/8Mailing ListThird Party Advisory
https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Vera_sec_issues.pdExploitThird Party Advisory
https://seclists.org/bugtraq/2019/Jun/8Mailing ListThird Party Advisory

FAQ

What is CVE-2017-9387?

CVE-2017-9387 is a vulnerability with a CVSS score of 5.4 (MEDIUM). An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called relay.sh which is used for creating new SSH relays for the device so that the de...

How severe is CVE-2017-9387?

CVE-2017-9387 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-9387?

Check the references section above for vendor advisories and patch information. Affected products include: Getvera Veraedge Firmware, Getvera Veraedge, Getvera Veralite Firmware, Getvera Veralite.