Sign-up

ID

VAR-201807-0805


CVE

CVE-2018-13859


TITLE

MusicCenter / Trivum Multiroom Setup tool C4 Professional Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-008215

DESCRIPTION

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" (a successful attack will allow attackers to login without authorization). MusicCenter / Trivum Multiroom Setup tool C4 Professional Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MusicCenter/Trivum Multiroom Setup Tool is a tool for installing and setting streaming media sources (music players). A remote attacker could exploit this vulnerability to unauthorized reset authentication by sending '?id=0&attr=protectAccess&newValue=0' GET request

Trust: 1.71

sources: NVD: CVE-2018-13859 // JVNDB: JVNDB-2018-008215 // VULHUB: VHN-123960

AFFECTED PRODUCTS

vendor:trivummodel:c4 professionalscope:eqversion:8.76

Trust: 1.6

vendor:triviummodel:c4 professionalscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-008215 // CNNVD: CNNVD-201807-1265 // NVD: CVE-2018-13859

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13859
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-13859
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201807-1265
value: CRITICAL

Trust: 0.6

VULHUB: VHN-123960
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-13859
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-123960
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13859
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-123960 // JVNDB: JVNDB-2018-008215 // CNNVD: CNNVD-201807-1265 // NVD: CVE-2018-13859

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-123960 // JVNDB: JVNDB-2018-008215 // NVD: CVE-2018-13859

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1265

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201807-1265

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008215

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-123960

PATCH
title:Change Notesurl:http://update.trivum.com/update/v9-changes.html
Trust: 0.8
title:MusicCenter/Trivum Multiroom Setup Tool Fixes for cross-site request forgery vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84061
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-008215 // 
            
            
            
            CNNVD: CNNVD-201807-1265

EXTERNAL IDS
db:NVDid:CVE-2018-13859
Trust: 2.5
db:EXPLOIT-DBid:45088
Trust: 1.7
db:JVNDBid:JVNDB-2018-008215
Trust: 0.8
db:CNNVDid:CNNVD-201807-1265
Trust: 0.7
db:PACKETSTORMid:148677
Trust: 0.1
db:VULHUBid:VHN-123960
Trust: 0.1
sources:
            
            
            VULHUB: VHN-123960 // 
            
            
            
            JVNDB: JVNDB-2018-008215 // 
            
            
            
            CNNVD: CNNVD-201807-1265 // 
            
            
            
            NVD: CVE-2018-13859

REFERENCES
url:http://update.trivum.com/update/v9-changes.html
Trust: 1.7
url:https://www.exploit-db.com/exploits/45088/
Trust: 1.7
url:https://vulncode.com/advisory/cve-2018-13859
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13859
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-13859
Trust: 0.8
sources:
            
            
            VULHUB: VHN-123960 // 
            
            
            
            JVNDB: JVNDB-2018-008215 // 
            
            
            
            CNNVD: CNNVD-201807-1265 // 
            
            
            
            NVD: CVE-2018-13859

SOURCES
db:VULHUBid:VHN-123960
db:JVNDBid:JVNDB-2018-008215
db:CNNVDid:CNNVD-201807-1265
db:NVDid:CVE-2018-13859

LAST UPDATE DATE
2024-11-23T23:08:37.747000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-123960date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-008215date:2018-10-11T00:00:00
db:CNNVDid:CNNVD-201807-1265date:2019-10-23T00:00:00
db:NVDid:CVE-2018-13859date:2024-11-21T03:48:11.950

SOURCES RELEASE DATE
db:VULHUBid:VHN-123960date:2018-07-17T00:00:00
db:JVNDBid:JVNDB-2018-008215date:2018-10-11T00:00:00
db:CNNVDid:CNNVD-201807-1265date:2018-07-17T00:00:00
db:NVDid:CVE-2018-13859date:2018-07-17T14:29:00.280