ID

VAR-201803-1994


CVE

CVE-2018-5782


TITLE

Mitel Connect ONSITE and ST 14.2 Code injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002798

DESCRIPTION

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. A successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application. Mitel Connect ONSITE and ST 14.2 contain a code injection vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2018-5782 // JVNDB: JVNDB-2018-002798 // VULMON: CVE-2018-5782

AFFECTED PRODUCTS

vendor: mitel, model: connect onsite, scope: lte, version: r1711-prem

Trust: 1.8

vendor: mitel, model: st14.2, scope: lte, version: ga28

Trust: 1.0

vendor: mitel, model: st 14.2, scope: lte, version: ga28

Trust: 0.8

vendor: mitel, model: connect onsite, scope: eq, version: r1711-prem

Trust: 0.6

vendor: mitel, model: st14.2, scope: eq, version: ga28

Trust: 0.6

sources: JVNDB: JVNDB-2018-002798 // CNNVD: CNNVD-201803-535 // NVD: CVE-2018-5782

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-5782
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-5782
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201803-535
value: CRITICAL

Trust: 0.6

VULMON: CVE-2018-5782
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-5782
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CVSSV3

nvd@nist.gov: CVE-2018-5782
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULMON: CVE-2018-5782 // JVNDB: JVNDB-2018-002798 // CNNVD: CNNVD-201803-535 // NVD: CVE-2018-5782

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.8

sources: JVNDB: JVNDB-2018-002798 // NVD: CVE-2018-5782

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-535

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201803-535

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002798

PATCH

title: 18-0004-001, url: https://www.mitel.com/sites/default/files/Security-Bulletin-18-0004-001v1.0-2018-03-06.pdf

Trust: 0.8

title: 18-0004, url: https://www.mitel.com/mitel-product-security-advisory-18-0004

Trust: 0.8

title: Mitel Connect ONSITE and Mitel ST conferencing Fixes for component security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79184

Trust: 0.6

title: shoretel-mitel-rce, url: https://github.com/twosevenzero/shoretel-mitel-rce

Trust: 0.1

sources: VULMON: CVE-2018-5782 // JVNDB: JVNDB-2018-002798 // CNNVD: CNNVD-201803-535

EXTERNAL IDS

db: NVD, id: CVE-2018-5782

Trust: 2.5

db: EXPLOIT-DB, id: 46174

Trust: 1.7

db: JVNDB, id: JVNDB-2018-002798

Trust: 0.8

db: CNNVD, id: CNNVD-201803-535

Trust: 0.6

db: VULMON, id: CVE-2018-5782

Trust: 0.1

sources: VULMON: CVE-2018-5782 // JVNDB: JVNDB-2018-002798 // CNNVD: CNNVD-201803-535 // NVD: CVE-2018-5782

REFERENCES

url:https://github.com/twosevenzero/shoretel-mitel-rce

Trust: 1.8

url:https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-18-0004

Trust: 1.7

url:https://www.exploit-db.com/exploits/46174/

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5782

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-5782

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/94.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2018-5782 // JVNDB: JVNDB-2018-002798 // CNNVD: CNNVD-201803-535 // NVD: CVE-2018-5782

SOURCES

db: VULMON, id: CVE-2018-5782
db: JVNDB, id: JVNDB-2018-002798
db: CNNVD, id: CNNVD-201803-535
db: NVD, id: CVE-2018-5782

LAST UPDATE DATE

2024-11-23T23:12:13.663000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2018-5782, date: 2019-04-26T00:00:00
db: JVNDB, id: JVNDB-2018-002798, date: 2018-05-01T00:00:00
db: CNNVD, id: CNNVD-201803-535, date: 2019-04-25T00:00:00
db: NVD, id: CVE-2018-5782, date: 2024-11-21T04:09:23.113

SOURCES RELEASE DATE

db: VULMON, id: CVE-2018-5782, date: 2018-03-14T00:00:00
db: JVNDB, id: JVNDB-2018-002798, date: 2018-05-01T00:00:00
db: CNNVD, id: CNNVD-201803-535, date: 2018-03-14T00:00:00
db: NVD, id: CVE-2018-5782, date: 2018-03-14T16:29:00.430