Details of VAR-201808-0461

ID

VAR-201808-0461

CVE

CVE-2018-15481

TITLE

UCOPIA Wireless Appliance Vulnerabilities related to authorization, authority, and access control in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2018-009347

DESCRIPTION

Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape the shell and escalate their privileges by adding a LocalCommand to the SSH configuration file in the user home folder. UCOPIA Wireless Appliance Device firmware contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.62

sources: NVD: CVE-2018-15481 // JVNDB: JVNDB-2018-009347

AFFECTED PRODUCTS

vendor:	ucopia	model:	wireless appliance	scope:	lte	version:	5.1.13	Trust: 1.0
vendor:	ucopia	model:	wireless appliance	scope:	gte	version:	5.1.0	Trust: 1.0
vendor:	ucopia	model:	wireless appliance	scope:	lt	version:	5.1.x	Trust: 0.8
vendor:	ucopia	model:	wireless appliance	scope:	eq	version:	5.1.13	Trust: 0.8

sources: JVNDB: JVNDB-2018-009347 // NVD: CVE-2018-15481

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-15481
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-15481
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201808-651
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2018-15481
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2018-15481
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: JVNDB: JVNDB-2018-009347 // CNNVD: CNNVD-201808-651 // NVD: CVE-2018-15481

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	CWE-264	Trust: 0.8

sources: JVNDB: JVNDB-2018-009347 // NVD: CVE-2018-15481

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-651

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201808-651

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009347

PATCH

title:	Top Page	url:	http://www.ucopia.com/en/	Trust: 0.8
title:	UCOPIA Wireless Appliance Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84234	Trust: 0.6

sources: JVNDB: JVNDB-2018-009347 // CNNVD: CNNVD-201808-651

EXTERNAL IDS

db:	NVD	id:	CVE-2018-15481	Trust: 2.4
db:	JVNDB	id:	JVNDB-2018-009347	Trust: 0.8
db:	CNNVD	id:	CNNVD-201808-651	Trust: 0.6

sources: JVNDB: JVNDB-2018-009347 // CNNVD: CNNVD-201808-651 // NVD: CVE-2018-15481

REFERENCES

url:	https://securite.intrinsec.com/2018/08/20/cve-2018-15481-ucopia-wireless-appliance-restricted-shell-escape-5-1-13/	Trust: 2.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15481	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15481	Trust: 0.8

sources: JVNDB: JVNDB-2018-009347 // CNNVD: CNNVD-201808-651 // NVD: CVE-2018-15481

SOURCES

db:	JVNDB	id:	JVNDB-2018-009347
db:	CNNVD	id:	CNNVD-201808-651
db:	NVD	id:	CVE-2018-15481

LAST UPDATE DATE

2024-11-23T22:22:01.206000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2018-009347	date:	2018-11-16T00:00:00
db:	CNNVD	id:	CNNVD-201808-651	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-15481	date:	2024-11-21T03:50:54.390

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2018-009347	date:	2018-11-16T00:00:00
db:	CNNVD	id:	CNNVD-201808-651	date:	2018-08-22T00:00:00
db:	NVD	id:	CVE-2018-15481	date:	2018-08-21T16:29:00.213