CVE-2017-20233
5.4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contains a firewall filtering vulnerability that fails to correctly filter IPv4 multicast and broadcast traffic when management IP address filtering is disabled, allowing configured filter rules to be bypassed. Attackers with network access can inject or observe multicast and broadcast packets that should have been blocked by the firewall.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Belden | Hirschmann HiLCOS OpenBAT, BAT450, WLC | 0 <= 9.10.5126-REL | affected |
| Belden | Hirschmann HiLCOS OpenBAT, BAT450, WLC | 0 <= 9.12.5500-REL | affected |
| Belden | Hirschmann HiLCOS BAT867 | 0 <= 9.14.5500-REL | affected |
| Belden | Hirschmann HiLCOS BAT867 | 0 | affected |
Weaknesses
- CWE-284: CWE-284 Improper access control
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://assets.belden.com/m/11a07596f0bf1018/original/Security-Bulletin-IPv4-Multicast-HiLCOS-Layer-2-Firewall-BSECV-2017-03.pdf
- https://www.vulncheck.com/advisories/hirschmann-hilcos-layer-2-firewall-multicast-broadcast-traffic-bypass
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.