CVE-2017-3217
CVE-2017-3217 is a vulnerability of currently unknown severity. CalAmp LMU 3030 series OBD-II CDMA and GSM devices have an SMS (text message) interface that can be deployed with no password configured for it by the integrator or reseller. This interface must be password protected; otherwise, an attacker only needs to know the phone number of the device (via an IMSI catcher, for example) to send administrative commands to the device. EPSS estimates a 2.05% chance of exploitation in the next 30 days.
Description
CalAmp LMU 3030 series OBD-II CDMA and GSM devices have an SMS (text message) interface that can be deployed with no password configured for it by the integrator or reseller. This interface must be password protected; otherwise, an attacker only needs to know the phone number of the device (via an IMSI catcher, for example) to send administrative commands to the device. These commands can be used to provide ongoing, real-time access to the device and can configure parameters such as IP addresses, firewall rules, and passwords.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| CalAmp | LMU 3030 OBD-II Firmware | All versions |
| CalAmp | LMU 3030 CDMA Firmware | All versions |
| CalAmp | LMU 3030 GSM Firmware | All versions |
References
- https://www.kb.cert.org/vuls/id/251927 (Third Party Advisory, US Government Resource)
- https://www.securityfocus.com/bid/98964 (Third Party Advisory, VDB Entry)
Source: NVD / NIST
