ID

VAR-201804-1289


CVE

CVE-2018-8880


TITLE

Lutron Quantum BACnet Integration Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004486

DESCRIPTION

Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check for correct user authentication before showing the /deviceIP information, which leads to internal network information disclosure. Lutron Quantum BACnet Integration is a lighting control system developed by Lutron Electronics in the United States. Version 2.0 running firmware version 3.2.243 does not properly verify the user's request before displaying /deviceIP information, so attackers can exploit this vulnerability to obtain network information.

Trust: 1.71

sources: NVD: CVE-2018-8880 // JVNDB: JVNDB-2018-004486 // VULHUB: VHN-138912

AFFECTED PRODUCTS

vendor: lutron, model: quantum bacnet integration, scope: eq, version: 3.2.243

Trust: 2.4

sources: JVNDB: JVNDB-2018-004486 // CNNVD: CNNVD-201804-1341 // NVD: CVE-2018-8880

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-8880
value: HIGH

Trust: 1.0

NVD: CVE-2018-8880
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201804-1341
value: MEDIUM

Trust: 0.6

VULHUB: VHN-138912
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-8880
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-138912
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-8880
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-138912 // JVNDB: JVNDB-2018-004486 // CNNVD: CNNVD-201804-1341 // NVD: CVE-2018-8880

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-138912 // JVNDB: JVNDB-2018-004486 // NVD: CVE-2018-8880

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1341

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-1341

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004486

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-138912

PATCH

title: Top Page, url: http://www.lutron.com/en-US/Pages/default.aspx

Trust: 0.8

sources: JVNDB: JVNDB-2018-004486

EXTERNAL IDS

db: NVD, id: CVE-2018-8880

Trust: 2.5

db: EXPLOIT-DB, id: 44488

Trust: 1.7

db: JVNDB, id: JVNDB-2018-004486

Trust: 0.8

db: CNNVD, id: CNNVD-201804-1341

Trust: 0.7

db: SEEBUG, id: SSVID-97794

Trust: 0.1

db: VULHUB, id: VHN-138912

Trust: 0.1

sources: VULHUB: VHN-138912 // JVNDB: JVNDB-2018-004486 // CNNVD: CNNVD-201804-1341 // NVD: CVE-2018-8880

REFERENCES

url: http://sadfud.me/explotos/deviceip.txt

Trust: 2.5

url: https://www.exploit-db.com/exploits/44488/

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8880

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-8880

Trust: 0.8

sources: VULHUB: VHN-138912 // JVNDB: JVNDB-2018-004486 // CNNVD: CNNVD-201804-1341 // NVD: CVE-2018-8880

SOURCES

db: VULHUB, id: VHN-138912
db: JVNDB, id: JVNDB-2018-004486
db: CNNVD, id: CNNVD-201804-1341
db: NVD, id: CVE-2018-8880

LAST UPDATE DATE

2024-11-23T22:45:23.593000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-138912, date: 2018-05-25T00:00:00
db: JVNDB, id: JVNDB-2018-004486, date: 2018-06-21T00:00:00
db: CNNVD, id: CNNVD-201804-1341, date: 2018-04-24T00:00:00
db: NVD, id: CVE-2018-8880, date: 2024-11-21T04:14:31.067

SOURCES RELEASE DATE

db: VULHUB, id: VHN-138912, date: 2018-04-23T00:00:00
db: JVNDB, id: JVNDB-2018-004486, date: 2018-06-21T00:00:00
db: CNNVD, id: CNNVD-201804-1341, date: 2018-04-24T00:00:00
db: NVD, id: CVE-2018-8880, date: 2018-04-23T18:29:01.037