Sign-up

ID

VAR-201803-1992


CVE

CVE-2018-5780


TITLE

Mitel Connect ONSITE and ST 14.2 Code injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002796

DESCRIPTION

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. Mitel Connect ONSITE and ST 14.2 Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2018-5780 // JVNDB: JVNDB-2018-002796 // VULMON: CVE-2018-5780

AFFECTED PRODUCTS

vendor:mitelmodel:connect onsitescope:lteversion:r1711-prem

Trust: 1.8

vendor:mitelmodel:st14.2scope:lteversion:ga28

Trust: 1.0

vendor:mitelmodel:st 14.2scope:lteversion:ga28

Trust: 0.8

vendor:mitelmodel:connect onsitescope:eqversion:r1711-prem

Trust: 0.6

vendor:mitelmodel:st14.2scope:eqversion:ga28

Trust: 0.6

sources: JVNDB: JVNDB-2018-002796 // CNNVD: CNNVD-201803-537 // NVD: CVE-2018-5780

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5780
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-5780
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201803-537
value: CRITICAL

Trust: 0.6

VULMON: CVE-2018-5780
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-5780
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2018-5780
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULMON: CVE-2018-5780 // JVNDB: JVNDB-2018-002796 // CNNVD: CNNVD-201803-537 // NVD: CVE-2018-5780

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.8

sources: JVNDB: JVNDB-2018-002796 // NVD: CVE-2018-5780

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-537

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201803-537

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-002796

PATCH
title:18-0004-001url:https://www.mitel.com/sites/default/files/Security-Bulletin-18-0004-001v1.0-2018-03-06.pdf
Trust: 0.8
title:18-0004url:https://www.mitel.com/mitel-product-security-advisory-18-0004
Trust: 0.8
title:Mitel Connect ONSITE  and Mitel ST conferencing Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79186
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-002796 // 
            
            
            
            CNNVD: CNNVD-201803-537

EXTERNAL IDS
db:NVDid:CVE-2018-5780
Trust: 2.5
db:JVNDBid:JVNDB-2018-002796
Trust: 0.8
db:CNNVDid:CNNVD-201803-537
Trust: 0.6
db:VULMONid:CVE-2018-5780
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-5780 // 
            
            
            
            JVNDB: JVNDB-2018-002796 // 
            
            
            
            CNNVD: CNNVD-201803-537 // 
            
            
            
            NVD: CVE-2018-5780

REFERENCES
url:https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5780
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-5780
Trust: 0.8
url:https://www.mitel.com/mitel-product-security-advisory-18-0004
Trust: 0.6
url:https://www.mitel.com/sites/default/files/security-bulletin-18-0004-001v1.0-2018-03-06.pdf
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/94.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-5780 // 
            
            
            
            JVNDB: JVNDB-2018-002796 // 
            
            
            
            CNNVD: CNNVD-201803-537 // 
            
            
            
            NVD: CVE-2018-5780

SOURCES
db:VULMONid:CVE-2018-5780
db:JVNDBid:JVNDB-2018-002796
db:CNNVDid:CNNVD-201803-537
db:NVDid:CVE-2018-5780

LAST UPDATE DATE
2024-11-23T22:52:11.034000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2018-5780date:2018-09-07T00:00:00
db:JVNDBid:JVNDB-2018-002796date:2018-05-01T00:00:00
db:CNNVDid:CNNVD-201803-537date:2018-03-20T00:00:00
db:NVDid:CVE-2018-5780date:2024-11-21T04:09:22.830

SOURCES RELEASE DATE
db:VULMONid:CVE-2018-5780date:2018-03-14T00:00:00
db:JVNDBid:JVNDB-2018-002796date:2018-05-01T00:00:00
db:CNNVDid:CNNVD-201803-537date:2018-03-14T00:00:00
db:NVDid:CVE-2018-5780date:2018-03-14T16:29:00.337