CVE-2017-14021 - Vulnerability Details

Vendors	Products
Korenix	Jetnet5018g Firmware Jetnet5310g Firmware Jetnet5428g-2g-2fx Firmware Jetnet5628g-r Firmware Jetnet5628g Firmware Jetnet5728g-24p Firmware Jetnet5828g Firmware Jetnet6710g-hvdc Firmware Jetnet6710g Firmware Jetnet 5018g Jetnet 5310g Jetnet 5428g-2g-2fx Jetnet 5628g Jetnet 5628g-r Jetnet 5728g-24p Jetnet 5828g Jetnet 6710g Jetnet 6710g-hvdc

Link	Providers
http://www.securityfocus.com/bid/101598
https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Korenix JetNet", "vendor": "n/a", "versions": [{"status": "affected", "version": "Korenix JetNet"}]}], "datePublic": "2017-10-31T00:00:00", "descriptions": [{"lang": "en", "value": "A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-321", "description": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-11-01T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01"}, {"name": "101598", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101598"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-14021", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Korenix JetNet", "version": {"version_data": [{"version_value": "Korenix JetNet"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01"}, {"name": "101598", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101598"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:13:41.597Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01"}, {"name": "101598", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101598"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-14021", "datePublished": "2017-11-01T02:00:00", "dateReserved": "2017-08-30T00:00:00", "dateUpdated": "2024-08-05T19:13:41.597Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Korenix JetNet (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : Korenix JetNet (string)

}

]

}

]

datePublic : 2017-10-31T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-321 (string)

description : USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321 (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-11-01T09:57:01 (string)

orgId : 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6 (string)

shortName : icscert (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01 (string)

}

1 : { »

name : 101598 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/101598 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : ics-cert@hq.dhs.gov (string)

ID : CVE-2017-14021 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Korenix JetNet (string)

version : { »

version_data : [ »

0 : { »

version_value : Korenix JetNet (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321 (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01 (string)

refsource : MISC (string)

url : https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01 (string)

}

1 : { »

name : 101598 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/101598 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T19:13:41.597Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01 (string)

}

1 : { »

name : 101598 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/101598 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6 (string)

assignerShortName : icscert (string)

cveId : CVE-2017-14021 (string)

datePublished : 2017-11-01T02:00:00 (string)

dateReserved : 2017-08-30T00:00:00 (string)

dateUpdated : 2024-08-05T19:13:41.597Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:korenix:jetnet5018g_firmware:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "26AF5B4D-4368-4477-9185-0EAE1901F3AD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:korenix:jetnet_5018g:-:*:*:*:*:*:*:*", "matchCriteriaId": "C3CB2958-84F6-4461-9AD3-F40FCD457C93", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:korenix:jetnet5310g_firmware:1.4a:*:*:*:*:*:*:*", "matchCriteriaId": "48D4746F-B4CC-45E8-95DC-FE20408EA92F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:korenix:jetnet_5310g:-:*:*:*:*:*:*:*", "matchCriteriaId": "81A3D8A9-E142-498A-B4E8-B4B197E62F55", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:korenix:jetnet5428g-2g-2fx_firmware:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9C71939E-E045-43B9-B546-FC8E649C54E9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:korenix:jetnet_5428g-2g-2fx:-:*:*:*:*:*:*:*", "matchCriteriaId": "6497F848-1268-48E2-8DC3-840F9D44049E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:korenix:jetnet5628g_firmware:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "2B64D2DE-4448-4212-8072-115DDDEC557E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:korenix:jetnet_5628g:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD60DF22-585E-49DF-9D90-119A5C5DD8CA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:korenix:jetnet5628g-r_firmware:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "5DF101FB-1FE3-425E-B70B-83D258B40B1C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:korenix:jetnet_5628g-r:-:*:*:*:*:*:*:*", "matchCriteriaId": "B88DB5A5-4F43-4AE1-B3F6-8E1810276423", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:korenix:jetnet5728g-24p_firmware:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "BF0C41AD-A7AA-40BE-9CA1-01155DFC9983", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:korenix:jetnet_5728g-24p:-:*:*:*:*:*:*:*", "matchCriteriaId": "81174238-9B97-46F3-9FAD-AE594480CB29", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:korenix:jetnet5828g_firmware:1.1d:*:*:*:*:*:*:*", "matchCriteriaId": "3266110D-5FF3-4322-870A-96AF8BC5C88C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:korenix:jetnet_5828g:-:*:*:*:*:*:*:*", "matchCriteriaId": "10C4DA7B-4E69-4831-B380-A65BE8EE8B10", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:korenix:jetnet6710g_firmware:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4CDDB42E-5D8B-413B-A476-ACD6FC84E59B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:korenix:jetnet_6710g:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B2A2F8-FC5A-4FF8-8E08-F7FF198963FA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:korenix:jetnet6710g-hvdc_firmware:11e:*:*:*:*:*:*:*", "matchCriteriaId": "4467DE80-26D4-4D02-81C4-C1CD33F76FBE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:korenix:jetnet_6710g-hvdc:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD53579F-A44B-48C6-98EF-4C3D597C9E17", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks."}, {"lang": "es", "value": "Se ha descubierto un problema de uso de clave criptogr\u00e1fica embebida en Korenix JetNet JetNet5018G versi\u00f3n 1.4, JetNet5310G versi\u00f3n 1.4a, JetNet5428G-2G-2FX versi\u00f3n 1.4, JetNet5628G-R versi\u00f3n 1.4, JetNet5628G versi\u00f3n 1.4, JetNet5728G-24P versi\u00f3n 1.4, JetNet5828G versi\u00f3n 1.1d, JetNet6710G-HVDC versi\u00f3n 1.1e y JetNet6710G versi\u00f3n 1.1. Un atacante puede conseguir acceder a certificados y claves privadas embebidos, lo que le permite realizar ataques Man-in-the-Middle (MitM)."}], "id": "CVE-2017-14021", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-01T02:29:00.210", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101598"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101598"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-321"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:korenix:jetnet5018g_firmware:1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 26AF5B4D-4368-4477-9185-0EAE1901F3AD (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:korenix:jetnet_5018g:-:*:*:*:*:*:*:* (string)

matchCriteriaId : C3CB2958-84F6-4461-9AD3-F40FCD457C93 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:korenix:jetnet5310g_firmware:1.4a:*:*:*:*:*:*:* (string)

matchCriteriaId : 48D4746F-B4CC-45E8-95DC-FE20408EA92F (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:korenix:jetnet_5310g:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 81A3D8A9-E142-498A-B4E8-B4B197E62F55 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:korenix:jetnet5428g-2g-2fx_firmware:1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 9C71939E-E045-43B9-B546-FC8E649C54E9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:korenix:jetnet_5428g-2g-2fx:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 6497F848-1268-48E2-8DC3-840F9D44049E (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:korenix:jetnet5628g_firmware:1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 2B64D2DE-4448-4212-8072-115DDDEC557E (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:korenix:jetnet_5628g:-:*:*:*:*:*:*:* (string)

matchCriteriaId : FD60DF22-585E-49DF-9D90-119A5C5DD8CA (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:korenix:jetnet5628g-r_firmware:1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 5DF101FB-1FE3-425E-B70B-83D258B40B1C (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:korenix:jetnet_5628g-r:-:*:*:*:*:*:*:* (string)

matchCriteriaId : B88DB5A5-4F43-4AE1-B3F6-8E1810276423 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:korenix:jetnet5728g-24p_firmware:1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : BF0C41AD-A7AA-40BE-9CA1-01155DFC9983 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:korenix:jetnet_5728g-24p:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 81174238-9B97-46F3-9FAD-AE594480CB29 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

6 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:korenix:jetnet5828g_firmware:1.1d:*:*:*:*:*:*:* (string)

matchCriteriaId : 3266110D-5FF3-4322-870A-96AF8BC5C88C (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:korenix:jetnet_5828g:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 10C4DA7B-4E69-4831-B380-A65BE8EE8B10 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

7 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:korenix:jetnet6710g_firmware:1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 4CDDB42E-5D8B-413B-A476-ACD6FC84E59B (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:korenix:jetnet_6710g:-:*:*:*:*:*:*:* (string)

matchCriteriaId : D0B2A2F8-FC5A-4FF8-8E08-F7FF198963FA (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

8 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:korenix:jetnet6710g-hvdc_firmware:11e:*:*:*:*:*:*:* (string)

matchCriteriaId : 4467DE80-26D4-4D02-81C4-C1CD33F76FBE (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:korenix:jetnet_6710g-hvdc:-:*:*:*:*:*:*:* (string)

matchCriteriaId : DD53579F-A44B-48C6-98EF-4C3D597C9E17 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks. (string)

}

1 : { »

lang : es (string)

value : Se ha descubierto un problema de uso de clave criptográfica embebida en Korenix JetNet JetNet5018G versión 1.4, JetNet5310G versión 1.4a, JetNet5428G-2G-2FX versión 1.4, JetNet5628G-R versión 1.4, JetNet5628G versión 1.4, JetNet5728G-24P versión 1.4, JetNet5828G versión 1.1d, JetNet6710G-HVDC versión 1.1e y JetNet6710G versión 1.1. Un atacante puede conseguir acceder a certificados y claves privadas embebidos, lo que le permite realizar ataques Man-in-the-Middle (MitM). (string)

}

]

id : CVE-2017-14021 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 10 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:L/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-11-01T02:29:00.210 (string)

references : [ »

0 : { »

source : ics-cert@hq.dhs.gov (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/101598 (string)

}

1 : { »

source : ics-cert@hq.dhs.gov (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/101598 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSA-17-299-01 (string)

}

]

sourceIdentifier : ics-cert@hq.dhs.gov (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-321 (string)

}

]

source : ics-cert@hq.dhs.gov (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-798 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object