Sign-up

ID

VAR-201803-1993


CVE

CVE-2018-5781


TITLE

Mitel Connect ONSITE and ST 14.2 Code injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002797

DESCRIPTION

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. Mitel Connect ONSITE and ST 14.2 Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2018-5781 // JVNDB: JVNDB-2018-002797 // VULMON: CVE-2018-5781

AFFECTED PRODUCTS

vendor:mitelmodel:connect onsitescope:lteversion:r1711-prem

Trust: 1.8

vendor:mitelmodel:st14.2scope:lteversion:ga28

Trust: 1.0

vendor:mitelmodel:st 14.2scope:lteversion:ga28

Trust: 0.8

vendor:mitelmodel:connect onsitescope:eqversion:r1711-prem

Trust: 0.6

vendor:mitelmodel:st14.2scope:eqversion:ga28

Trust: 0.6

sources: JVNDB: JVNDB-2018-002797 // CNNVD: CNNVD-201803-536 // NVD: CVE-2018-5781

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5781
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-5781
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201803-536
value: CRITICAL

Trust: 0.6

VULMON: CVE-2018-5781
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-5781
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2018-5781
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULMON: CVE-2018-5781 // JVNDB: JVNDB-2018-002797 // CNNVD: CNNVD-201803-536 // NVD: CVE-2018-5781

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.8

sources: JVNDB: JVNDB-2018-002797 // NVD: CVE-2018-5781

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-536

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201803-536

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-002797

PATCH
title:18-0004-001url:https://www.mitel.com/sites/default/files/Security-Bulletin-18-0004-001v1.0-2018-03-06.pdf
Trust: 0.8
title:18-0004url:https://www.mitel.com/mitel-product-security-advisory-18-0004
Trust: 0.8
title:Mitel Connect ONSITE  and Mitel ST conferencing Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79185
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-002797 // 
            
            
            
            CNNVD: CNNVD-201803-536

EXTERNAL IDS
db:NVDid:CVE-2018-5781
Trust: 2.5
db:JVNDBid:JVNDB-2018-002797
Trust: 0.8
db:CNNVDid:CNNVD-201803-536
Trust: 0.6
db:VULMONid:CVE-2018-5781
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-5781 // 
            
            
            
            JVNDB: JVNDB-2018-002797 // 
            
            
            
            CNNVD: CNNVD-201803-536 // 
            
            
            
            NVD: CVE-2018-5781

REFERENCES
url:https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5781
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-5781
Trust: 0.8
url:https://www.mitel.com/mitel-product-security-advisory-18-0004
Trust: 0.6
url:https://www.mitel.com/sites/default/files/security-bulletin-18-0004-001v1.0-2018-03-06.pdf
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/94.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-5781 // 
            
            
            
            JVNDB: JVNDB-2018-002797 // 
            
            
            
            CNNVD: CNNVD-201803-536 // 
            
            
            
            NVD: CVE-2018-5781

SOURCES
db:VULMONid:CVE-2018-5781
db:JVNDBid:JVNDB-2018-002797
db:CNNVDid:CNNVD-201803-536
db:NVDid:CVE-2018-5781

LAST UPDATE DATE
2024-11-23T23:05:09.324000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2018-5781date:2018-09-07T00:00:00
db:JVNDBid:JVNDB-2018-002797date:2018-05-01T00:00:00
db:CNNVDid:CNNVD-201803-536date:2018-03-20T00:00:00
db:NVDid:CVE-2018-5781date:2024-11-21T04:09:22.973

SOURCES RELEASE DATE
db:VULMONid:CVE-2018-5781date:2018-03-14T00:00:00
db:JVNDBid:JVNDB-2018-002797date:2018-05-01T00:00:00
db:CNNVDid:CNNVD-201803-536date:2018-03-14T00:00:00
db:NVDid:CVE-2018-5781date:2018-03-14T16:29:00.383