CVE-2017-14003
published 2017-10-11CVE-2017-14003: An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An…
PriorityP262critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
2.60%
83.4th percentile
An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass authentication by accessing a specific uniform resource locator.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lavalink | ether-serial_link_firmware | <= 6.01.00\/29.03.2007 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Authentication bypass is triggered by accessing a specific URL (uniform resource locator) from an IP address matching an already-authenticated user — monitor for unauthenticated or anomalous HTTP requests to ESL device management URLs from IPs that share a session with a legitimate user. ↗
- →Target devices are LAVA Ether-Serial Link (ESL) running firmware 6.01.00/29.03.2007 or earlier — fingerprint devices by firmware version string to identify exposed assets. ↗
- ·The specific URL path used to trigger the authentication bypass is not publicly disclosed in available sources — the exact URL IOC cannot be extracted. ↗
- ·No known public exploits specifically target this vulnerability per ICS-CERT; exploitation requires the attacker to share the same IP address as an authenticated user (e.g., NAT environment or IP spoofing). ↗
- ·LAVA Computer MFG Inc. has not released a patch; no fixed firmware version is available from the vendor. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3g7f-9cp4-6m47: An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6
ghsa_unreviewed·2022-05-13
CVE-2017-14003 [CRITICAL] CWE-287 GHSA-3g7f-9cp4-6m47: An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6
An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass authentication by accessing a specific uniform resource locator.
CISA ICS
LAVA Computer MFG Inc. Ether-Serial Link
cisa_ics·2017-10-10
LAVA Computer MFG Inc. Ether-Serial Link
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
LAVA Computer MFG Inc. Ether-Serial Link
Last RevisedOctober 10, 2017
Alert CodeICSA-17-283-01
## CVSS v3 8.1
ATTENTION: Low skill level to exploit.
Vendor: LAVA Computer MFG Inc.
Equipment: Ether-Serial Link
Vulnerability: Authentication Bypass by Spoofing
## AFFECTED PRODUCTS
The following versions of LAVA Computer MFG Inc.’s Ether-Serial Links (ESL) are affected:
- All ESLs running firmware versions 6.01.00/29.03.2007 and prior versions.
## IMPACT
Successful exploitation of this vulnerability could allow an attacker to spoof the IP address of an authenticated user, as
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2017-10-11
Published