CVE-2017-20233

Summary

Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contains a firewall filtering vulnerability that fails to correctly filter IPv4 multicast and broadcast traffic when management IP address filtering is disabled, allowing configured filter rules to be bypassed. Attackers with network access can inject or observe multicast and broadcast packets that should have been blocked by the firewall.

Affected Software

VendorProductVersion RangeStatus
BeldenHirschmann HiLCOS OpenBAT, BAT450, WLC0 <= 9.10.5126-RELaffected
BeldenHirschmann HiLCOS OpenBAT, BAT450, WLC0 <= 9.12.5500-RELaffected
BeldenHirschmann HiLCOS BAT8670 <= 9.14.5500-RELaffected
BeldenHirschmann HiLCOS BAT8670affected

Weaknesses

  • CWE-284: CWE-284 Improper access control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References