Details of VAR-201807-0765

ID

VAR-201807-0765

CVE

CVE-2018-11543

TITLE

plural Sonus SBC Path traversal vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-008029

DESCRIPTION

A Local File Inclusion (LFI) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the downloading of arbitrary files via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140. Web interface is one of the web-based management interfaces. An attacker could exploit this vulnerability to download arbitrary files

Trust: 1.71

sources: NVD: CVE-2018-11543 // JVNDB: JVNDB-2018-008029 // VULHUB: VHN-121413

AFFECTED PRODUCTS

vendor:	ribboncommunications	model:	sonus sbc 2000	scope:	eq	version:	6.1.0	Trust: 1.6
vendor:	ribboncommunications	model:	sonus sbc 1000	scope:	eq	version:	6.1.0	Trust: 1.6
vendor:	ribboncommunications	model:	sonus sbc 2000	scope:	eq	version:	6.0.0	Trust: 1.6
vendor:	ribboncommunications	model:	sonus sbc 2000	scope:	eq	version:	7.0.0	Trust: 1.6
vendor:	ribboncommunications	model:	sonus sbc 1000	scope:	eq	version:	7.0.0	Trust: 1.6
vendor:	ribboncommunications	model:	sbc swe lite	scope:	eq	version:	6.1.0	Trust: 1.6
vendor:	ribboncommunications	model:	sonus sbc 1000	scope:	eq	version:	6.0.0	Trust: 1.6
vendor:	ribboncommunications	model:	sbc swe lite	scope:	eq	version:	7.0.0	Trust: 1.6
vendor:	ribbon	model:	sonus sbc 1000	scope:	eq	version:	build 446 for up to 6.0.x	Trust: 0.8
vendor:	ribbon	model:	sonus sbc 1000	scope:	eq	version:	build 485 for up to 7.0.x	Trust: 0.8
vendor:	ribbon	model:	sonus sbc 1000	scope:	eq	version:	build 492 for up to 6.1.x	Trust: 0.8
vendor:	ribbon	model:	sonus sbc 2000	scope:	eq	version:	build 446 for up to 6.0.x	Trust: 0.8
vendor:	ribbon	model:	sonus sbc 2000	scope:	eq	version:	build 485 for up to 7.0.x	Trust: 0.8
vendor:	ribbon	model:	sonus sbc 2000	scope:	eq	version:	build 492 for up to 6.1.x	Trust: 0.8
vendor:	ribbon	model:	sonus sbc swe lite web	scope:	eq	version:	build 111 for up to 6.1.x	Trust: 0.8
vendor:	ribbon	model:	sonus sbc swe lite web	scope:	eq	version:	build 140 for up to 7.0.x	Trust: 0.8

sources: JVNDB: JVNDB-2018-008029 // CNNVD: CNNVD-201807-505 // NVD: CVE-2018-11543

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-11543
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-11543
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201807-505
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-121413
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-11543
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-121413
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-11543
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-121413 // JVNDB: JVNDB-2018-008029 // CNNVD: CNNVD-201807-505 // NVD: CVE-2018-11543

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-121413 // JVNDB: JVNDB-2018-008029 // NVD: CVE-2018-11543

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-505

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201807-505

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008029

PATCH

title:	SBC 1000-2000 Documentation	url:	https://support.sonus.net/display/ALLDOC/SBC+1000-2000+Documentation	Trust: 0.8
title:	Sonus SBC 1000 , SBC 2000 and SBC SWe Lite Web Repair measures for interface security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81891	Trust: 0.6

sources: JVNDB: JVNDB-2018-008029 // CNNVD: CNNVD-201807-505

EXTERNAL IDS

db:	NVD	id:	CVE-2018-11543	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-008029	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-505	Trust: 0.7
db:	VULHUB	id:	VHN-121413	Trust: 0.1

sources: VULHUB: VHN-121413 // JVNDB: JVNDB-2018-008029 // CNNVD: CNNVD-201807-505 // NVD: CVE-2018-11543

REFERENCES

url:	https://gist.github.com/cyberskr/6914c2c2c8a550d6555137a3ff756df4	Trust: 2.5
url:	https://support.sonus.net/display/uxdoc61/sbc+edge+6.1.6+release+notes	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11543	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11543	Trust: 0.8

sources: VULHUB: VHN-121413 // JVNDB: JVNDB-2018-008029 // CNNVD: CNNVD-201807-505 // NVD: CVE-2018-11543

SOURCES

db:	VULHUB	id:	VHN-121413
db:	JVNDB	id:	JVNDB-2018-008029
db:	CNNVD	id:	CNNVD-201807-505
db:	NVD	id:	CVE-2018-11543

LAST UPDATE DATE

2024-11-23T22:55:50.319000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-121413	date:	2018-09-12T00:00:00
db:	JVNDB	id:	JVNDB-2018-008029	date:	2018-10-05T00:00:00
db:	CNNVD	id:	CNNVD-201807-505	date:	2018-07-10T00:00:00
db:	NVD	id:	CVE-2018-11543	date:	2024-11-21T03:43:34.703

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-121413	date:	2018-07-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-008029	date:	2018-10-05T00:00:00
db:	CNNVD	id:	CNNVD-201807-505	date:	2018-07-10T00:00:00
db:	NVD	id:	CVE-2018-11543	date:	2018-07-09T12:29:00.407