Sign-up

ID

VAR-201807-1190


CVE

CVE-2018-0613


TITLE

Multiple vulnerabilities in Calsos CSDX and CSDJ series products

Trust: 0.8

sources: JVNDB: JVNDB-2018-000068

DESCRIPTION

NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors. Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. * Access Restriction Bypass (CWE-284) - CVE-2018-0613 * Cross-site scripting (CWE-79) - CVE-2018-0614 NEC Platforms, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinated under the Information Security Early Warning Partnership.* An arbitrary operation with administrative privilege may be performed by an attacker who logged in with the user privilege - CVE-2018-0613 * An arbitrary script may be executed on a logged in user's web browser - CVE-2018-0614. A remote attacker could exploit the vulnerability to bypass access restrictions and perform arbitrary operations with administrative privileges

Trust: 2.25

sources: NVD: CVE-2018-0613 // JVNDB: JVNDB-2018-000068 // CNVD: CNVD-2019-26780 // VULHUB: VHN-118815

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-26780

AFFECTED PRODUCTS

vendor:necplatformsmodel:calsos csdj-ascope:lteversion:03.00.00

Trust: 1.0

vendor:necplatformsmodel:calsos csdxscope:lteversion:1.37210411

Trust: 1.0

vendor:necplatformsmodel:calsos csdj-dscope:lteversion:01.03.00

Trust: 1.0

vendor:necplatformsmodel:calsos csdj-hscope:lteversion:01.03.00

Trust: 1.0

vendor:necplatformsmodel:calsos csdj-bscope:lteversion:01.03.00

Trust: 1.0

vendor:necplatformsmodel:calsos csdx\scope:lteversion:2.37210411

Trust: 1.0

vendor:necplatformsmodel:calsos csdx\scope:lteversion:3.37210411

Trust: 1.0

vendor:necplatformsmodel:calsos csdx\scope:lteversion:4.37210411

Trust: 1.0

vendor:nec platformsmodel:csdjscope:eqversion:-a 03.00.00

Trust: 0.8

vendor:nec platformsmodel:csdjscope:lteversion:-b 01.03.00

Trust: 0.8

vendor:nec platformsmodel:csdjscope:lteversion:-d 01.03.00

Trust: 0.8

vendor:nec platformsmodel:csdjscope:lteversion:-h 01.03.00

Trust: 0.8

vendor:nec platformsmodel:csdxscope:lteversion:(d) 3.37210411

Trust: 0.8

vendor:nec platformsmodel:csdxscope:lteversion:(p) 4.37210411

Trust: 0.8

vendor:nec platformsmodel:csdxscope:lteversion:(s) 2.37210411

Trust: 0.8

vendor:nec platformsmodel:csdxscope:lteversion:1.37210411

Trust: 0.8

vendor:necmodel:platforms calsos csdxscope:lteversion:<=1.37210411

Trust: 0.6

vendor:necmodel:platforms csdxscope:lteversion:<=4.37210411

Trust: 0.6

vendor:necmodel:platforms csdxscope:lteversion:<=3.37210411

Trust: 0.6

vendor:necmodel:platforms csdxscope:lteversion:<=2.37210411

Trust: 0.6

vendor:necmodel:platforms csdj-bscope:lteversion:<=01.03.00

Trust: 0.6

vendor:necmodel:platforms csdj-hscope:lteversion:<=01.03.00

Trust: 0.6

vendor:necmodel:platforms csdj-dscope:lteversion:<=01.03.00

Trust: 0.6

vendor:necmodel:platforms csdj-ascope:eqversion:03.00.00

Trust: 0.6

vendor:necplatformsmodel:calsos csdj-bscope:eqversion:01.03.00

Trust: 0.6

vendor:necplatformsmodel:calsos csdj-ascope:eqversion:03.00.00

Trust: 0.6

vendor:necplatformsmodel:calsos csdx\scope:eqversion:4.37210411

Trust: 0.6

vendor:necplatformsmodel:calsos csdj-hscope:eqversion:01.03.00

Trust: 0.6

vendor:necplatformsmodel:calsos csdx\scope:eqversion:2.37210411

Trust: 0.6

vendor:necplatformsmodel:calsos csdxscope:eqversion:1.37210411

Trust: 0.6

vendor:necplatformsmodel:calsos csdx\scope:eqversion:3.37210411

Trust: 0.6

vendor:necplatformsmodel:calsos csdj-dscope:eqversion:01.03.00

Trust: 0.6

sources: CNVD: CNVD-2019-26780 // JVNDB: JVNDB-2018-000068 // CNNVD: CNNVD-201807-1900 // NVD: CVE-2018-0613

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0613
value: HIGH

Trust: 1.0

IPA: JVNDB-2018-000068
value: HIGH

Trust: 0.8

IPA: JVNDB-2018-000068
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-26780
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201807-1900
value: HIGH

Trust: 0.6

VULHUB: VHN-118815
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0613
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2018-000068
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2018-000068
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2019-26780
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118815
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0613
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2018-000068
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA: JVNDB-2018-000068
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-26780 // VULHUB: VHN-118815 // JVNDB: JVNDB-2018-000068 // JVNDB: JVNDB-2018-000068 // CNNVD: CNNVD-201807-1900 // NVD: CVE-2018-0613

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

problemtype:CWE-79

Trust: 0.8

sources: VULHUB: VHN-118815 // JVNDB: JVNDB-2018-000068 // NVD: CVE-2018-0613

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1900

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201807-1900

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-000068

PATCH
title:NEC Platforms, Ltd. website url:https://www.necplatforms.co.jp/product/enkaku/info180702.html
Trust: 0.8
title:NEC Platforms Calsos CSDX and CSDJ Series Products Access Restricted Bypass Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/174499
Trust: 0.6
title:NEC Platforms Calsos CSDX  and CSDJ Repair measures for series product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82645
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-26780 // 
            
            
            
            JVNDB: JVNDB-2018-000068 // 
            
            
            
            CNNVD: CNNVD-201807-1900

EXTERNAL IDS
db:NVDid:CVE-2018-0613
Trust: 3.1
db:JVNid:JVN63895206
Trust: 2.5
db:JVNDBid:JVNDB-2018-000068
Trust: 0.8
db:CNNVDid:CNNVD-201807-1900
Trust: 0.7
db:CNVDid:CNVD-2019-26780
Trust: 0.6
db:VULHUBid:VHN-118815
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-26780 // 
            
            
            
            VULHUB: VHN-118815 // 
            
            
            
            JVNDB: JVNDB-2018-000068 // 
            
            
            
            CNNVD: CNNVD-201807-1900 // 
            
            
            
            NVD: CVE-2018-0613

REFERENCES
url:http://jvn.jp/en/jp/jvn63895206/index.html
Trust: 2.5
url:https://www.necplatforms.co.jp/product/enkaku/info180702.html
Trust: 2.3
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0613
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0614
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0614
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0613
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-26780 // 
            
            
            
            VULHUB: VHN-118815 // 
            
            
            
            JVNDB: JVNDB-2018-000068 // 
            
            
            
            CNNVD: CNNVD-201807-1900 // 
            
            
            
            NVD: CVE-2018-0613

SOURCES
db:CNVDid:CNVD-2019-26780
db:VULHUBid:VHN-118815
db:JVNDBid:JVNDB-2018-000068
db:CNNVDid:CNNVD-201807-1900
db:NVDid:CVE-2018-0613

LAST UPDATE DATE
2024-11-23T21:38:45.010000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-26780date:2019-08-12T00:00:00
db:VULHUBid:VHN-118815date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-000068date:2019-07-24T00:00:00
db:CNNVDid:CNNVD-201807-1900date:2019-10-23T00:00:00
db:NVDid:CVE-2018-0613date:2024-11-21T03:38:35.587

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-26780date:2019-08-12T00:00:00
db:VULHUBid:VHN-118815date:2018-07-26T00:00:00
db:JVNDBid:JVNDB-2018-000068date:2018-07-02T00:00:00
db:CNNVDid:CNNVD-201807-1900date:2018-07-27T00:00:00
db:NVDid:CVE-2018-0613date:2018-07-26T17:29:00.503