ID

VAR-201809-0467


CVE

CVE-2018-16590


TITLE

Authentication vulnerability in FURUNO FELCOM 250 and 500 devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-010324

DESCRIPTION

FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in login.js for authentication. FURUNO FELCOM 250 and 500 devices contain an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). FURUNO FELCOM 250 and 500 are shipborne communication equipment from Furuno Electric Company of Japan. An authorization issue vulnerability exists in the FURUNO FELCOM 250 and 500 devices. An attacker could exploit this vulnerability to bypass authentication checks and gain access to accounts without a password.

Trust: 1.8

sources: NVD: CVE-2018-16590 // JVNDB: JVNDB-2018-010324 // VULHUB: VHN-126965 // VULMON: CVE-2018-16590

AFFECTED PRODUCTS

vendor: furuno, model: felcom 250, scope: eq, version: -

Trust: 1.6

vendor: furuno, model: felcom 500, scope: eq, version: -

Trust: 1.6

vendor: furuno electric, model: felcom 250, scope: -, version: -

Trust: 0.8

vendor: furuno electric, model: felcom 500, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-010324 // CNNVD: CNNVD-201809-288 // NVD: CVE-2018-16590

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-16590
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-16590
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201809-288
value: CRITICAL

Trust: 0.6

VULHUB: VHN-126965
value: HIGH

Trust: 0.1

VULMON: CVE-2018-16590
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-16590
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-126965
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-16590
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-126965 // VULMON: CVE-2018-16590 // JVNDB: JVNDB-2018-010324 // CNNVD: CNNVD-201809-288 // NVD: CVE-2018-16590

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-126965 // JVNDB: JVNDB-2018-010324 // NVD: CVE-2018-16590

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-288

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201809-288

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010324

PATCH

title: FELCOM250/FELCOM500, url: https://www.furuno.com/jp/merchant/fleetbroadband/

Trust: 0.8

sources: JVNDB: JVNDB-2018-010324

EXTERNAL IDS

db: NVD, id: CVE-2018-16590

Trust: 2.6

db: JVNDB, id: JVNDB-2018-010324

Trust: 0.8

db: CNNVD, id: CNNVD-201809-288

Trust: 0.7

db: VULHUB, id: VHN-126965

Trust: 0.1

db: VULMON, id: CVE-2018-16590

Trust: 0.1

sources: VULHUB: VHN-126965 // VULMON: CVE-2018-16590 // JVNDB: JVNDB-2018-010324 // CNNVD: CNNVD-201809-288 // NVD: CVE-2018-16590

REFERENCES

url:https://gist.github.com/cyberskr/34a8d6be7646a4bfd4df455f9f52500f

Trust: 2.6

url:https://cyberskr.com/blog/furuno-felcom.html

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16590

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-16590

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-126965 // VULMON: CVE-2018-16590 // JVNDB: JVNDB-2018-010324 // CNNVD: CNNVD-201809-288 // NVD: CVE-2018-16590

SOURCES

db: VULHUB, id: VHN-126965
db: VULMON, id: CVE-2018-16590
db: JVNDB, id: JVNDB-2018-010324
db: CNNVD, id: CNNVD-201809-288
db: NVD, id: CVE-2018-16590

LAST UPDATE DATE

2024-11-23T22:12:21.056000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-126965, date: 2018-11-14T00:00:00
db: VULMON, id: CVE-2018-16590, date: 2018-11-14T00:00:00
db: JVNDB, id: JVNDB-2018-010324, date: 2018-12-12T00:00:00
db: CNNVD, id: CNNVD-201809-288, date: 2019-01-29T00:00:00
db: NVD, id: CVE-2018-16590, date: 2024-11-21T03:53:00.327

SOURCES RELEASE DATE

db: VULHUB, id: VHN-126965, date: 2018-09-06T00:00:00
db: VULMON, id: CVE-2018-16590, date: 2018-09-06T00:00:00
db: JVNDB, id: JVNDB-2018-010324, date: 2018-12-12T00:00:00
db: CNNVD, id: CNNVD-201809-288, date: 2018-09-07T00:00:00
db: NVD, id: CVE-2018-16590, date: 2018-09-06T23:29:01.583