How severe is CVE-2017-17704?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2017-17704?

This is classified as CWE-330, which is a common weakness in software security.

CVE-2017-17704

HIGH Year: 2017

CVSS v3 Score

7.4

High

CVSS v2 Score

5.8

Medium

Weakness Type

CWE-330

View all →

Vulnerability Description

A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible.

CVE-2019-19135

HIGH

CVSS:7.4(High)

In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle atta...

CWE-3302019

CVE-2020-11501

HIGH

CVSS:7.4(High)

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' byt...

CWE-3302020

CVE-2020-25705

HIGH

CVSS:7.4(High)

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Softw...

CWE-3302020

CVE-2021-20322

HIGH

CVSS:7.4(High)

A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw all...

CWE-3302021

CVE-2023-20185

HIGH

CVSS:7.4(High)

A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersi...

CWE-3302023

CVE-2008-0087

HIGH

CVSS:7.5(High)

The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.

CWE-3302008

CVE-2017-17704

Vulnerability Description

Related Vulnerabilities

CVE-2019-19135

CVE-2020-11501

CVE-2020-25705

CVE-2021-20322

CVE-2023-20185

CVE-2008-0087