CVE-2017-20233

Published: Apr 3, 2026

Modified: May 25, 2026

PUBLISHED

CVSS v3.1

5.4

MEDIUM

Description

Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contains a firewall filtering vulnerability that fails to correctly filter IPv4 multicast and broadcast traffic when management IP address filtering is disabled, allowing configured filter rules to be bypassed. Attackers with network access can inject or observe multicast and broadcast packets that should have been blocked by the firewall.

Vendor	Product	Versions
Belden	Hirschmann HiLCOS OpenBAT, BAT450, WLC	affected `0 - <= 9.10.5126-REL` affected `0 - <= 9.12.5500-REL`
Belden	Hirschmann HiLCOS BAT867	affected `0 - <= 9.14.5500-REL` affected `0`

Weaknesses (CWE)

CWE-284

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

References

https://assets.belden.com/m/11a07596f0bf1018/original/Security-Bulletin-IPv4-Multicast-HiLCOS-Layer-2-Firewall-BSECV-2017-03.pdf

vendor-advisory

https://www.vulncheck.com/advisories/hirschmann-hilcos-layer-2-firewall-multicast-broadcast-traffic-bypass

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-20233

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References