Sign-up

ID

VAR-201802-1020


CVE

CVE-2018-5797


TITLE

Extreme Networks ExtremeWireless WiNG Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-001807

DESCRIPTION

An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port. Extreme Networks ExtremeWireless WiNG Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Secure MINT static message key is one of the static MIMT message keys. The Secure MINT static message key in Extreme Networks ExtremeWireless WiNG 5.x versions prior to 5.8.6.9 and 5.9.x versions prior to 5.9.1.3 has a security vulnerability. An attacker could exploit this vulnerability to decrypt packets by performing a man-in-the-middle attack

Trust: 1.71

sources: NVD: CVE-2018-5797 // JVNDB: JVNDB-2018-001807 // VULHUB: VHN-135829

AFFECTED PRODUCTS

vendor:extremenetworksmodel:extremewireless wingscope:ltversion:5.9.1.3

Trust: 1.0

vendor:extremenetworksmodel:extremewireless wingscope:ltversion:5.8.6.9

Trust: 1.0

vendor:extremenetworksmodel:extremewireless wingscope:gteversion:5.9.0

Trust: 1.0

vendor:extremenetworksmodel:extremewireless wingscope:gteversion:5.0

Trust: 1.0

vendor:extrememodel:extremewireless wingscope:eqversion:5.8.6.9

Trust: 0.8

vendor:extrememodel:extremewireless wingscope:eqversion:5.9.1.3

Trust: 0.8

vendor:extrememodel:extremewireless wingscope:ltversion:5.x

Trust: 0.8

vendor:extrememodel:extremewireless wingscope:ltversion:5.9.x

Trust: 0.8

sources: JVNDB: JVNDB-2018-001807 // NVD: CVE-2018-5797

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5797
value: HIGH

Trust: 1.0

NVD: CVE-2018-5797
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201802-115
value: HIGH

Trust: 0.6

VULHUB: VHN-135829
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-5797
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-135829
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5797
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-135829 // JVNDB: JVNDB-2018-001807 // CNNVD: CNNVD-201802-115 // NVD: CVE-2018-5797

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-135829 // JVNDB: JVNDB-2018-001807 // NVD: CVE-2018-5797

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201802-115

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201802-115

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001807

PATCH
title:VN 2018-003url:https://gtacknowledge.extremenetworks.com/articles/Vulnerability_Notice/VN-2018-003
Trust: 0.8
title:Extreme Networks ExtremeWireless WiNG Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78271
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-001807 // 
            
            
            
            CNNVD: CNNVD-201802-115

EXTERNAL IDS
db:NVDid:CVE-2018-5797
Trust: 2.5
db:JVNDBid:JVNDB-2018-001807
Trust: 0.8
db:CNNVDid:CNNVD-201802-115
Trust: 0.7
db:VULHUBid:VHN-135829
Trust: 0.1
sources:
            
            
            VULHUB: VHN-135829 // 
            
            
            
            JVNDB: JVNDB-2018-001807 // 
            
            
            
            CNNVD: CNNVD-201802-115 // 
            
            
            
            NVD: CVE-2018-5797

REFERENCES
url:https://gtacknowledge.extremenetworks.com/articles/vulnerability_notice/vn-2018-003
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5797
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-5797
Trust: 0.8
sources:
            
            
            VULHUB: VHN-135829 // 
            
            
            
            JVNDB: JVNDB-2018-001807 // 
            
            
            
            CNNVD: CNNVD-201802-115 // 
            
            
            
            NVD: CVE-2018-5797

SOURCES
db:VULHUBid:VHN-135829
db:JVNDBid:JVNDB-2018-001807
db:CNNVDid:CNNVD-201802-115
db:NVDid:CVE-2018-5797

LAST UPDATE DATE
2024-11-23T23:08:46.653000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-135829date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-001807date:2018-03-08T00:00:00
db:CNNVDid:CNNVD-201802-115date:2019-10-08T00:00:00
db:NVDid:CVE-2018-5797date:2024-11-21T04:09:25.467

SOURCES RELEASE DATE
db:VULHUBid:VHN-135829date:2018-02-05T00:00:00
db:JVNDBid:JVNDB-2018-001807date:2018-03-08T00:00:00
db:CNNVDid:CNNVD-201802-115date:2018-02-06T00:00:00
db:NVDid:CVE-2018-5797date:2018-02-05T04:29:00.807