How severe is CVE-2017-8337?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2017-8337?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2017-8337 - HIGH Severity | CVSS 8.8

Vulnerability Description

An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of executing various actions on the web management interface. It seems that the device does not implement any Origin header check which allows an attacker who can trick a user to navigate to an attacker's webpage to exploit this issue and brute force the password for the web management interface. It also allows an attacker to then execute any other actions which include management if rules, sensors attached to the devices using the websocket requests.

Related Vulnerabilities

CVE-2015-5173

HIGH

CVSS:8.8(High)

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with...

CWE-2002015

CVE-2016-0286

HIGH

CVSS:8.8(High)

IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 and 6.1.1 before 6.1.1-TIV-BSM-FP0004 allows remote authenticated users to obtain administrator passwords by leveraging unspecifie...

CWE-2002016

CVE-2016-10314

HIGH

CVSS:8.8(High)

Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to read p...

CWE-2002016

CVE-2016-10533

HIGH

CVSS:8.8(High)

express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send ...

CWE-2002016

CVE-2016-10809

HIGH

CVSS:8.8(High)

In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114).

CWE-2002016

CVE-2016-10810

HIGH

CVSS:8.8(High)

In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115).

CWE-2002016