ID

VAR-201806-0738


CVE

CVE-2018-12333


TITLE

ECOS Secure Boot Stick access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006495

DESCRIPTION

Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security-relevant configurations and execute malicious code. ECOS Secure Boot Stick (alias SBS) contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). ECOS Secure Boot Stick (also known as SBS) is a security device from the German company ECOS TECHNOLOGY for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications. There is a security hole in ECOS SBS version 5.6.5, which is caused by the fact that the program does not fully verify the reliability of the data.

Trust: 1.71

sources: NVD: CVE-2018-12333 // JVNDB: JVNDB-2018-006495 // VULHUB: VHN-122282

AFFECTED PRODUCTS

vendor: ecos // model: secure boot stick // scope: eq // version: 5.6.5

Trust: 2.4

sources: JVNDB: JVNDB-2018-006495 // CNNVD: CNNVD-201806-935 // NVD: CVE-2018-12333

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-12333
value: HIGH

Trust: 1.0

NVD: CVE-2018-12333
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201806-935
value: HIGH

Trust: 0.6

VULHUB: VHN-122282
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-12333
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-122282
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-12333
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122282 // JVNDB: JVNDB-2018-006495 // CNNVD: CNNVD-201806-935 // NVD: CVE-2018-12333

PROBLEMTYPE DATA

problemtype: CWE-345

Trust: 1.1

problemtype: CWE-284

Trust: 0.9

sources: VULHUB: VHN-122282 // JVNDB: JVNDB-2018-006495 // NVD: CVE-2018-12333

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-935

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201806-935

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006495

PATCH

title: SECURE BOOT STICK // url: https://www.ecos.de/produkte/zugangskomponenten/secure-boot-stick/

Trust: 0.8

sources: JVNDB: JVNDB-2018-006495

EXTERNAL IDS

db: NVD // id: CVE-2018-12333

Trust: 2.5

db: JVNDB // id: JVNDB-2018-006495

Trust: 0.8

db: CNNVD // id: CNNVD-201806-935

Trust: 0.6

db: VULHUB // id: VHN-122282

Trust: 0.1

sources: VULHUB: VHN-122282 // JVNDB: JVNDB-2018-006495 // CNNVD: CNNVD-201806-935 // NVD: CVE-2018-12333

REFERENCES

url: https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html

Trust: 2.5

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12333

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-12333

Trust: 0.8

sources: VULHUB: VHN-122282 // JVNDB: JVNDB-2018-006495 // CNNVD: CNNVD-201806-935 // NVD: CVE-2018-12333

SOURCES

db: VULHUB // id: VHN-122282
db: JVNDB // id: JVNDB-2018-006495
db: CNNVD // id: CNNVD-201806-935
db: NVD // id: CVE-2018-12333

LAST UPDATE DATE

2024-11-23T22:12:30.935000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-122282 // date: 2019-10-03T00:00:00
db: JVNDB // id: JVNDB-2018-006495 // date: 2018-08-23T00:00:00
db: CNNVD // id: CNNVD-201806-935 // date: 2019-10-23T00:00:00
db: NVD // id: CVE-2018-12333 // date: 2024-11-21T03:45:00.710

SOURCES RELEASE DATE

db: VULHUB // id: VHN-122282 // date: 2018-06-17T00:00:00
db: JVNDB // id: JVNDB-2018-006495 // date: 2018-08-23T00:00:00
db: CNNVD // id: CNNVD-201806-935 // date: 2018-06-17T00:00:00
db: NVD // id: CVE-2018-12333 // date: 2018-06-17T16:29:00.597