Sign-up

ID

VAR-201803-1991


CVE

CVE-2018-5779


TITLE

Mitel Connect ONSITE and ST 14.2 Code injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002795

DESCRIPTION

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using specially crafted requests. Successful exploit could allow an attacker to execute arbitrary code within the context of the application. Mitel Connect ONSITE and ST 14.2 Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2018-5779 // JVNDB: JVNDB-2018-002795 // VULMON: CVE-2018-5779

AFFECTED PRODUCTS

vendor:mitelmodel:connect onsitescope:lteversion:r1711-prem

Trust: 1.8

vendor:mitelmodel:st14.2scope:lteversion:ga28

Trust: 1.0

vendor:mitelmodel:st 14.2scope:lteversion:ga28

Trust: 0.8

vendor:mitelmodel:connect onsitescope:eqversion:r1711-prem

Trust: 0.6

vendor:mitelmodel:st14.2scope:eqversion:ga28

Trust: 0.6

sources: JVNDB: JVNDB-2018-002795 // CNNVD: CNNVD-201803-538 // NVD: CVE-2018-5779

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5779
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-5779
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201803-538
value: CRITICAL

Trust: 0.6

VULMON: CVE-2018-5779
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-5779
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2018-5779
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULMON: CVE-2018-5779 // JVNDB: JVNDB-2018-002795 // CNNVD: CNNVD-201803-538 // NVD: CVE-2018-5779

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.8

sources: JVNDB: JVNDB-2018-002795 // NVD: CVE-2018-5779

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-538

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201803-538

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-002795

PATCH
title:18-0004-001url:https://www.mitel.com/sites/default/files/Security-Bulletin-18-0004-001v1.0-2018-03-06.pdf
Trust: 0.8
title:18-0004url:https://www.mitel.com/mitel-product-security-advisory-18-0004
Trust: 0.8
title:Mitel Connect ONSITE  and Mitel ST conferencing Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79187
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-002795 // 
            
            
            
            CNNVD: CNNVD-201803-538

EXTERNAL IDS
db:NVDid:CVE-2018-5779
Trust: 2.5
db:JVNDBid:JVNDB-2018-002795
Trust: 0.8
db:CNNVDid:CNNVD-201803-538
Trust: 0.6
db:VULMONid:CVE-2018-5779
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-5779 // 
            
            
            
            JVNDB: JVNDB-2018-002795 // 
            
            
            
            CNNVD: CNNVD-201803-538 // 
            
            
            
            NVD: CVE-2018-5779

REFERENCES
url:https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5779
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-5779
Trust: 0.8
url:https://www.mitel.com/mitel-product-security-advisory-18-0004
Trust: 0.6
url:https://www.mitel.com/sites/default/files/security-bulletin-18-0004-001v1.0-2018-03-06.pdf
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/94.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-5779 // 
            
            
            
            JVNDB: JVNDB-2018-002795 // 
            
            
            
            CNNVD: CNNVD-201803-538 // 
            
            
            
            NVD: CVE-2018-5779

SOURCES
db:VULMONid:CVE-2018-5779
db:JVNDBid:JVNDB-2018-002795
db:CNNVDid:CNNVD-201803-538
db:NVDid:CVE-2018-5779

LAST UPDATE DATE
2024-11-23T22:17:36.961000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2018-5779date:2018-09-07T00:00:00
db:JVNDBid:JVNDB-2018-002795date:2018-05-01T00:00:00
db:CNNVDid:CNNVD-201803-538date:2018-03-20T00:00:00
db:NVDid:CVE-2018-5779date:2024-11-21T04:09:22.683

SOURCES RELEASE DATE
db:VULMONid:CVE-2018-5779date:2018-03-14T00:00:00
db:JVNDBid:JVNDB-2018-002795date:2018-05-01T00:00:00
db:CNNVDid:CNNVD-201803-538date:2018-03-14T00:00:00
db:NVDid:CVE-2018-5779date:2018-03-14T16:29:00.257