Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2017-7928

Published: Aug 07, 2017 | Modified: Oct 09, 2019
CVSS 3.x
10
CRITICAL
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2017-7928
CWEhttps://cwe.mitre.org/data/definitions/.html

An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not properly enforce access control while configured for NAT port forwarding, which may allow for unauthorized communications to downstream devices.

Affected Software

Name Vendor Start Version End Version
Sel-3620_firmware Selinc r202 (including) r202 (including)
Sel-3620_firmware Selinc r203 (including) r203 (including)
Sel-3620_firmware Selinc r203-v (including) r203-v (including)
Sel-3620_firmware Selinc r203-v1 (including) r203-v1 (including)
Sel-3620_firmware Selinc r204 (including) r204 (including)
Sel-3620_firmware Selinc r204-v1 (including) r204-v1 (including)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use