Details of VAR-201807-0764

ID

VAR-201807-0764

CVE

CVE-2018-11542

TITLE

plural Sonus SBC Command injection vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2018-007956

DESCRIPTION

A Remote Command Execution (RCE) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the execution of arbitrary commands via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140. Sonus SBC 1000, SBC 2000 and SBC SWe Lite are all network border controller products of Sonus Networks in the United States. Web interface is one of the web-based management interfaces. A remote attacker could exploit this vulnerability to execute arbitrary commands

Trust: 1.71

sources: NVD: CVE-2018-11542 // JVNDB: JVNDB-2018-007956 // VULHUB: VHN-121412

AFFECTED PRODUCTS

vendor:	ribboncommunications	model:	sonus sbc 2000	scope:	eq	version:	6.1.0	Trust: 1.6
vendor:	ribboncommunications	model:	sonus sbc 1000	scope:	eq	version:	6.1.0	Trust: 1.6
vendor:	ribboncommunications	model:	sonus sbc 2000	scope:	eq	version:	6.0.0	Trust: 1.6
vendor:	ribboncommunications	model:	sonus sbc 2000	scope:	eq	version:	7.0.0	Trust: 1.6
vendor:	ribboncommunications	model:	sonus sbc 1000	scope:	eq	version:	7.0.0	Trust: 1.6
vendor:	ribboncommunications	model:	sbc swe lite	scope:	eq	version:	6.1.0	Trust: 1.6
vendor:	ribboncommunications	model:	sonus sbc 1000	scope:	eq	version:	6.0.0	Trust: 1.6
vendor:	ribboncommunications	model:	sbc swe lite	scope:	eq	version:	7.0.0	Trust: 1.6
vendor:	ribbon	model:	sonus sbc 1000	scope:	eq	version:	build 446 for up to 6.0.x	Trust: 0.8
vendor:	ribbon	model:	sonus sbc 1000	scope:	eq	version:	build 485 for up to 7.0.x	Trust: 0.8
vendor:	ribbon	model:	sonus sbc 1000	scope:	eq	version:	build 492 for up to 6.1.x	Trust: 0.8
vendor:	ribbon	model:	sonus sbc 2000	scope:	eq	version:	build 446 for up to 6.0.x	Trust: 0.8
vendor:	ribbon	model:	sonus sbc 2000	scope:	eq	version:	build 485 for up to 7.0.x	Trust: 0.8
vendor:	ribbon	model:	sonus sbc 2000	scope:	eq	version:	build 492 for up to 6.1.x	Trust: 0.8
vendor:	ribbon	model:	sonus sbc swe lite web	scope:	eq	version:	build 111 for up to 6.1.x	Trust: 0.8
vendor:	ribbon	model:	sonus sbc swe lite web	scope:	eq	version:	build 140 for up to 7.0.x	Trust: 0.8

sources: JVNDB: JVNDB-2018-007956 // CNNVD: CNNVD-201807-506 // NVD: CVE-2018-11542

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-11542
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-11542
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201807-506
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-121412
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-11542
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-121412
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-11542
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-121412 // JVNDB: JVNDB-2018-007956 // CNNVD: CNNVD-201807-506 // NVD: CVE-2018-11542

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-77	Trust: 0.9

sources: VULHUB: VHN-121412 // JVNDB: JVNDB-2018-007956 // NVD: CVE-2018-11542

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-506

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201807-506

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-007956

PATCH

title:	SBC 1000-2000 Documentation	url:	https://support.sonus.net/display/ALLDOC/SBC+1000-2000+Documentation	Trust: 0.8
title:	Sonus SBC 1000 , SBC 2000 and SBC SWe Lite Web Repair measures for interface security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81892	Trust: 0.6

sources: JVNDB: JVNDB-2018-007956 // CNNVD: CNNVD-201807-506

EXTERNAL IDS

db:	NVD	id:	CVE-2018-11542	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-007956	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-506	Trust: 0.7
db:	VULHUB	id:	VHN-121412	Trust: 0.1

sources: VULHUB: VHN-121412 // JVNDB: JVNDB-2018-007956 // CNNVD: CNNVD-201807-506 // NVD: CVE-2018-11542

REFERENCES

url:	https://gist.github.com/cyberskr/a2a8c76174578605af7bdbf53acebe1b	Trust: 2.5
url:	https://support.sonus.net/display/uxdoc61/sbc+edge+6.1.6+release+notes	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11542	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11542	Trust: 0.8

sources: VULHUB: VHN-121412 // JVNDB: JVNDB-2018-007956 // CNNVD: CNNVD-201807-506 // NVD: CVE-2018-11542

SOURCES

db:	VULHUB	id:	VHN-121412
db:	JVNDB	id:	JVNDB-2018-007956
db:	CNNVD	id:	CNNVD-201807-506
db:	NVD	id:	CVE-2018-11542

LAST UPDATE DATE

2024-11-23T23:12:05.802000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-121412	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-007956	date:	2018-10-03T00:00:00
db:	CNNVD	id:	CNNVD-201807-506	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-11542	date:	2024-11-21T03:43:34.550

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-121412	date:	2018-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-007956	date:	2018-10-03T00:00:00
db:	CNNVD	id:	CNNVD-201807-506	date:	2018-07-10T00:00:00
db:	NVD	id:	CVE-2018-11542	date:	2018-07-09T12:29:00.360