Sign-up

ID

VAR-201804-0926


CVE

CVE-2018-10024


TITLE

ubiQuoss Switch VP5208A Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-004152

DESCRIPTION

ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled). ubiQuoss Switch VP5208A Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. UbiQuossSwitchVP5208A is a switch product of UbiQuoss, Korea. A security vulnerability exists in UbiQuossSwitchVP5208A. An attacker could obtain credentials by sending an HTTP request and exploit the vulnerability to access the system via SSH

Trust: 2.25

sources: NVD: CVE-2018-10024 // JVNDB: JVNDB-2018-004152 // CNVD: CNVD-2018-09697 // VULHUB: VHN-119742

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-09697

AFFECTED PRODUCTS

vendor:ubiquossmodel:vp5208ascope:eqversion: -

Trust: 1.6

vendor:ubiquossmodel:switch vp5208ascope: - version: -

Trust: 1.4

sources: CNVD: CNVD-2018-09697 // JVNDB: JVNDB-2018-004152 // CNNVD: CNNVD-201804-525 // NVD: CVE-2018-10024

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10024
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-10024
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-09697
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201804-525
value: CRITICAL

Trust: 0.6

VULHUB: VHN-119742
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-10024
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-09697
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-119742
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-10024
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-09697 // VULHUB: VHN-119742 // JVNDB: JVNDB-2018-004152 // CNNVD: CNNVD-201804-525 // NVD: CVE-2018-10024

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-119742 // JVNDB: JVNDB-2018-004152 // NVD: CVE-2018-10024

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-525

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201804-525

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004152

PATCH
title:Top Pageurl:http://www.ubiquoss.com/renew/index.php
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-004152

EXTERNAL IDS
db:NVDid:CVE-2018-10024
Trust: 3.1
db:JVNDBid:JVNDB-2018-004152
Trust: 0.8
db:CNVDid:CNVD-2018-09697
Trust: 0.6
db:CNNVDid:CNNVD-201804-525
Trust: 0.6
db:VULHUBid:VHN-119742
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-09697 // 
            
            
            
            VULHUB: VHN-119742 // 
            
            
            
            JVNDB: JVNDB-2018-004152 // 
            
            
            
            CNNVD: CNNVD-201804-525 // 
            
            
            
            NVD: CVE-2018-10024

REFERENCES
url:https://www.tarlogic.com/advisories/tarlogic-2018-002.txt
Trust: 3.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10024
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-10024
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-09697 // 
            
            
            
            VULHUB: VHN-119742 // 
            
            
            
            JVNDB: JVNDB-2018-004152 // 
            
            
            
            CNNVD: CNNVD-201804-525 // 
            
            
            
            NVD: CVE-2018-10024

SOURCES
db:CNVDid:CNVD-2018-09697
db:VULHUBid:VHN-119742
db:JVNDBid:JVNDB-2018-004152
db:CNNVDid:CNNVD-201804-525
db:NVDid:CVE-2018-10024

LAST UPDATE DATE
2024-11-23T21:39:01.353000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-09697date:2018-05-17T00:00:00
db:VULHUBid:VHN-119742date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-004152date:2018-06-12T00:00:00
db:CNNVDid:CNNVD-201804-525date:2019-10-23T00:00:00
db:NVDid:CVE-2018-10024date:2024-11-21T03:40:41.820

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-09697date:2018-05-17T00:00:00
db:VULHUBid:VHN-119742date:2018-04-11T00:00:00
db:JVNDBid:JVNDB-2018-004152date:2018-06-12T00:00:00
db:CNNVDid:CNNVD-201804-525date:2018-04-12T00:00:00
db:NVDid:CVE-2018-10024date:2018-04-11T17:29:00.397