CVE-2017-5163 - CVE Vulnerability

An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal. (CVSS:4.3) (Last Update:2017-03-03)

Vulnerability Details : An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal. Publish Date : 2017-02-13 Last Update Date : 2017-03-03 - CVSS Scores & Vulnerability Types CVSS Score 4.3 Confidentiality Impact Partial(There is considerable informational disclosure.) Integrity Impact None(There is no impact to the integrity of the system) Availability Impact None(There is no impact to the availability of the system.) Access Complexity Medium(The access conditions are somewhat specialized. Some preconditions must be satistified to exploit) Authentication Not required(Authentication is not required to exploit the vulnerability.) Gained Access None Vulnerability Type(s) Directory traversal CWE ID 22 - Products Affected By CVE-2017-5163 # Product Type Vendor Product Version Update Edition Language 1 OS Belden Hirschmann Gecko Lite Managed Switch Firmware 2.0.00 Version Details Vulnerabilities - Number Of Affected Versions By Product Vendor Product Vulnerable Versions Belden Hirschmann Gecko Lite Managed Switch Firmware 1 - References For CVE-2017-5163 http://www.securityfocus.com/bid/95815 BID 95815 Belden Hirschmann GECKO CVE-2017-5163 Information Disclosure Vulnerability Release Date:2017-01-31 https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02 - Vulnerability Conditions Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND) Belden Hirschmann Gecko Lite Managed Switch Firmware 2.0.00 Belden Hirschmann Gecko Lite Managed Switch

- Metasploit Modules Related To CVE-2017-5163 There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)