Sign-up

ID

VAR-201807-0763


CVE

CVE-2018-11541


TITLE

plural Sonus SBC Vulnerabilities related to authorization, authority, and access control in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-007889

DESCRIPTION

A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140. Sonus SBC 1000, SBC 2000 and SBC SWe Lite are all network border controller products of Sonus Networks in the United States. Web interface is one of the web-based management interfaces. An attacker could exploit this vulnerability to gain unauthorized access to privileged content

Trust: 1.8

sources: NVD: CVE-2018-11541 // JVNDB: JVNDB-2018-007889 // VULHUB: VHN-121411 // VULMON: CVE-2018-11541

AFFECTED PRODUCTS

vendor:ribboncommunicationsmodel:sonus sbc 2000scope:eqversion:6.1.0

Trust: 1.6

vendor:ribboncommunicationsmodel:sonus sbc 1000scope:eqversion:6.1.0

Trust: 1.6

vendor:ribboncommunicationsmodel:sonus sbc 2000scope:eqversion:6.0.0

Trust: 1.6

vendor:ribboncommunicationsmodel:sonus sbc 2000scope:eqversion:7.0.0

Trust: 1.6

vendor:ribboncommunicationsmodel:sonus sbc 1000scope:eqversion:7.0.0

Trust: 1.6

vendor:ribboncommunicationsmodel:sbc swe lite webscope:eqversion:6.1.0

Trust: 1.6

vendor:ribboncommunicationsmodel:sonus sbc 1000scope:eqversion:6.0.0

Trust: 1.6

vendor:ribboncommunicationsmodel:sbc swe lite webscope:eqversion:7.0.0

Trust: 1.6

vendor:ribbonmodel:sonus sbc 1000scope:eqversion:build 446 for up to 6.0.x

Trust: 0.8

vendor:ribbonmodel:sonus sbc 1000scope:eqversion:build 485 for up to 7.0.x

Trust: 0.8

vendor:ribbonmodel:sonus sbc 1000scope:eqversion:build 492 for up to 6.1.x

Trust: 0.8

vendor:ribbonmodel:sonus sbc 2000scope:eqversion:build 446 for up to 6.0.x

Trust: 0.8

vendor:ribbonmodel:sonus sbc 2000scope:eqversion:build 485 for up to 7.0.x

Trust: 0.8

vendor:ribbonmodel:sonus sbc 2000scope:eqversion:build 492 for up to 6.1.x

Trust: 0.8

vendor:ribbonmodel:sonus sbc swe lite webscope:eqversion:build 111 for up to 6.1.x

Trust: 0.8

vendor:ribbonmodel:sonus sbc swe lite webscope:eqversion:build 140 for up to 7.0.x

Trust: 0.8

sources: JVNDB: JVNDB-2018-007889 // CNNVD: CNNVD-201807-507 // NVD: CVE-2018-11541

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11541
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-11541
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201807-507
value: CRITICAL

Trust: 0.6

VULHUB: VHN-121411
value: HIGH

Trust: 0.1

VULMON: CVE-2018-11541
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-11541
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-121411
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11541
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-121411 // VULMON: CVE-2018-11541 // JVNDB: JVNDB-2018-007889 // CNNVD: CNNVD-201807-507 // NVD: CVE-2018-11541

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-121411 // JVNDB: JVNDB-2018-007889 // NVD: CVE-2018-11541

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-507

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201807-507

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007889

PATCH
title:CVE-2018-11541url:https://gist.github.com/CyberSKR/0134dff8f48d2e7b87227c554404bfcb
Trust: 0.8
title:Sonus SBC 1000 , SBC 2000  and SBC SWe Lite Web Repairs for interface permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81893
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-007889 // 
            
            
            
            CNNVD: CNNVD-201807-507

EXTERNAL IDS
db:NVDid:CVE-2018-11541
Trust: 2.6
db:JVNDBid:JVNDB-2018-007889
Trust: 0.8
db:CNNVDid:CNNVD-201807-507
Trust: 0.7
db:VULHUBid:VHN-121411
Trust: 0.1
db:VULMONid:CVE-2018-11541
Trust: 0.1
sources:
            
            
            VULHUB: VHN-121411 // 
            
            
            
            VULMON: CVE-2018-11541 // 
            
            
            
            JVNDB: JVNDB-2018-007889 // 
            
            
            
            CNNVD: CNNVD-201807-507 // 
            
            
            
            NVD: CVE-2018-11541

REFERENCES
url:https://gist.github.com/cyberskr/0134dff8f48d2e7b87227c554404bfcb
Trust: 1.8
url:https://support.sonus.net/display/uxdoc61/sbc+edge+6.1.6+release+notes
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11541
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-11541
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/862.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-121411 // 
            
            
            
            VULMON: CVE-2018-11541 // 
            
            
            
            JVNDB: JVNDB-2018-007889 // 
            
            
            
            CNNVD: CNNVD-201807-507 // 
            
            
            
            NVD: CVE-2018-11541

SOURCES
db:VULHUBid:VHN-121411
db:VULMONid:CVE-2018-11541
db:JVNDBid:JVNDB-2018-007889
db:CNNVDid:CNNVD-201807-507
db:NVDid:CVE-2018-11541

LAST UPDATE DATE
2024-11-23T23:08:37.793000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-121411date:2019-10-03T00:00:00
db:VULMONid:CVE-2018-11541date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-007889date:2018-10-01T00:00:00
db:CNNVDid:CNNVD-201807-507date:2019-10-23T00:00:00
db:NVDid:CVE-2018-11541date:2024-11-21T03:43:34.397

SOURCES RELEASE DATE
db:VULHUBid:VHN-121411date:2018-07-09T00:00:00
db:VULMONid:CVE-2018-11541date:2018-07-09T00:00:00
db:JVNDBid:JVNDB-2018-007889date:2018-10-01T00:00:00
db:CNNVDid:CNNVD-201807-507date:2018-07-10T00:00:00
db:NVDid:CVE-2018-11541date:2018-07-09T12:29:00.313