Details of VAR-201801-1447

ID

VAR-201801-1447

CVE

CVE-2018-5267

TITLE

Cobham Sea Tel 121 Vulnerabilities related to authorization, authority, and access control in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-001429

DESCRIPTION

Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html. Cobham Sea Tel 121 Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CobhamSeaTel is a wireless communication terminal product from Cobham, UK. A security bypass vulnerability exists in the CobhamSeaTel121build222701 release

Trust: 2.25

sources: NVD: CVE-2018-5267 // JVNDB: JVNDB-2018-001429 // CNVD: CNVD-2018-03966 // VULHUB: VHN-135298

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-03966

AFFECTED PRODUCTS

vendor:	cobham	model:	sea tel 121	scope:	eq	version:	222701	Trust: 1.6
vendor:	cobham plc	model:	sea tel 121	scope:	eq	version:	build 222701	Trust: 0.8
vendor:	cobham	model:	sea tel build	scope:	eq	version:	121222701	Trust: 0.6

sources: CNVD: CNVD-2018-03966 // JVNDB: JVNDB-2018-001429 // CNNVD: CNNVD-201801-319 // NVD: CVE-2018-5267

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-5267
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-5267
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-03966
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201801-319
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-135298
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-5267
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-03966
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-135298
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-5267
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-03966 // VULHUB: VHN-135298 // JVNDB: JVNDB-2018-001429 // CNNVD: CNNVD-201801-319 // NVD: CVE-2018-5267

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-135298 // JVNDB: JVNDB-2018-001429 // NVD: CVE-2018-5267

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-319

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201801-319

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001429

PATCH

title:

Top Page

url:

http://www.cobham.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-001429

EXTERNAL IDS

db:	NVD	id:	CVE-2018-5267	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-001429	Trust: 0.8
db:	CNNVD	id:	CNNVD-201801-319	Trust: 0.7
db:	CNVD	id:	CNVD-2018-03966	Trust: 0.6
db:	VULHUB	id:	VHN-135298	Trust: 0.1

sources: CNVD: CNVD-2018-03966 // VULHUB: VHN-135298 // JVNDB: JVNDB-2018-001429 // CNNVD: CNNVD-201801-319 // NVD: CVE-2018-5267

REFERENCES

url:	http://misteralfa-hack.blogspot.cl/2018/01/seatelcobham-terminales-satelitales.html	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5267	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5267	Trust: 0.8
url:	http://misteralfa-hack.blogspot.jp/2018/01/seatelcobham-terminales-satelitales.html	Trust: 0.8

sources: CNVD: CNVD-2018-03966 // VULHUB: VHN-135298 // JVNDB: JVNDB-2018-001429 // CNNVD: CNNVD-201801-319 // NVD: CVE-2018-5267

SOURCES

db:	CNVD	id:	CNVD-2018-03966
db:	VULHUB	id:	VHN-135298
db:	JVNDB	id:	JVNDB-2018-001429
db:	CNNVD	id:	CNNVD-201801-319
db:	NVD	id:	CVE-2018-5267

LAST UPDATE DATE

2024-11-23T22:26:32.981000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-03966	date:	2018-03-01T00:00:00
db:	VULHUB	id:	VHN-135298	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-001429	date:	2018-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201801-319	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-5267	date:	2024-11-21T04:08:27.633

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-03966	date:	2018-03-01T00:00:00
db:	VULHUB	id:	VHN-135298	date:	2018-01-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-001429	date:	2018-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201801-319	date:	2018-01-09T00:00:00
db:	NVD	id:	CVE-2018-5267	date:	2018-01-08T03:29:00.327