How severe is CVE-2017-6900?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2017-6900?

This is classified as CWE-255, which is a common weakness in software security.

CVE-2017-6900

CRITICAL Year: 2017

CVSS v3 Score

9.8

Critical

CVSS v2 Score

10.0

Critical

Weakness Type

CWE-255

View all →

Vulnerability Description

An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Further to this, VAL0 and VAL1 should be sanitised to ensure they do not contain malicious characters. Passing it the username of '-' will cause it to time out and log the user in because of poor error handling. This will log the attacker in as an administrator where the telnet / ssh services can be enabled, and the credentials for local users can be reset. Also, login.cgi accepts the username as a GET parameter, so login can be achieved by browsing to the /cgi-bin/login.cgi?username=-%20a URI.

CVE-2010-5305

CRITICAL

CVSS:9.8(Critical)

The potential exists for exposure of the product's password used to restrict unauthorized access to Rockwell PLC5/SLC5/0x/RSLogix 1785-Lx and 1747-L5x controllers. The potential exists for an unauthor...

CWE-2552010

CVE-2013-1430

CRITICAL

CVSS:9.8(Critical)

An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the us...

CWE-2552013

CVE-2014-4861

CRITICAL

CVSS:9.8(Critical)

The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended.

CWE-2552014

CVE-2015-1320

CRITICAL

CVSS:9.8(Critical)

The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2.

CWE-2552015

CVE-2015-2874

CRITICAL

CVSS:9.8(Critical)

Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root acco...

CWE-2552015

CVE-2015-3252

CRITICAL

CVSS:9.8(Critical)

Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server.

CWE-2552015

CVE-2017-6900

Vulnerability Description

Related Vulnerabilities

CVE-2010-5305

CVE-2013-1430

CVE-2014-4861

CVE-2015-1320

CVE-2015-2874

CVE-2015-3252