Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Network

0

CVE-2017-16544

Disclosure Date: November 20, 2017 •

CVE-2017-16544 CVSS v3 Base Score: 8.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

8.8 High

Impact Score:

5.9

Exploitability Score:

2.8

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

busybox,
canonical,
debian,
redlion,
vmware

Products

busybox,
debian linux 8.0,
debian linux 9.0,
esxi 6.0,
esxi 6.5,
esxi 6.7,
n-tron 702-w firmware,
n-tron 702m12-w firmware,
ubuntu linux 14.04,
ubuntu linux 16.04

References

Canonical

CVE-2017-16544 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544)

Advisory

[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update (https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html)

USN-3935-1 (https://usn.ubuntu.com/3935-1)

20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (http://seclists.org/fulldisclosure/2019/Jun/18)

20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (https://seclists.org/bugtraq/2019/Jun/14)

20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X (http://seclists.org/fulldisclosure/2019/Sep/7)

20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X (https://seclists.org/bugtraq/2019/Sep/7)

http://www.vmware.com/security/advisories/VMSA-2019-0013.html

20200313 SEC Consult SA-20200312-0 :: Authenticated Command Injection in Phoenix Contact TC Router & TC Cloud Client (http://seclists.org/fulldisclosure/2020/Mar/15)

20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S (http://seclists.org/fulldisclosure/2020/Aug/20)

20200902 SEC Consult SA-20200902-0 :: Multiple Vulnerabilities in Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W (http://seclists.org/fulldisclosure/2020/Sep/6)

USN-3935-1 (https://usn.ubuntu.com/3935-1/)

20210113 SEC Consult SA-20210113-0 :: Multiple vulnerabilities in Pepperl+Fuchs IO-Link Master Series (http://seclists.org/fulldisclosure/2021/Jan/39)

[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update (https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html)

20210819 SEC Consult SA-20210819-0 :: Multiple critical vulnerabilities in Altus Nexto and Hadron series (http://seclists.org/fulldisclosure/2021/Aug/21)

20220617 SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series (http://seclists.org/fulldisclosure/2022/Jun/36)

Miscellaneous

https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability

https://git.busybox.net/busybox/commit?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8

http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html

http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html

https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01

https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/

https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8

http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html

Rapid7

Technical Analysis