Sign-up

ID

VAR-201809-0468


CVE

CVE-2018-16591


TITLE

FURUNO FELCOM 250 and 500 Device access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-009806

DESCRIPTION

FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi. FURUNO FELCOM 250 and 500 The device contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FURUNO FELCOM 250 and 500 are shipborne communication equipment of Japan Furuno Electric Company. The /cgi-bin/sm_changepassword.cgi file and the /cgi-bin/sm_sms_changepasswd.cgi file in FURUNO FELCOM 250 and 500 have an access control error vulnerability

Trust: 1.8

sources: NVD: CVE-2018-16591 // JVNDB: JVNDB-2018-009806 // VULHUB: VHN-126966 // VULMON: CVE-2018-16591

AFFECTED PRODUCTS

vendor:furunomodel:felcom 250scope:eqversion: -

Trust: 1.6

vendor:furunomodel:felcom 500scope:eqversion: -

Trust: 1.6

vendor:furuno electricmodel:felcom 250scope: - version: -

Trust: 0.8

vendor:furuno electricmodel:felcom 500scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-009806 // CNNVD: CNNVD-201809-447 // NVD: CVE-2018-16591

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-16591
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-16591
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201809-447
value: CRITICAL

Trust: 0.6

VULHUB: VHN-126966
value: HIGH

Trust: 0.1

VULMON: CVE-2018-16591
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-16591
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-126966
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-16591
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-126966 // VULMON: CVE-2018-16591 // JVNDB: JVNDB-2018-009806 // CNNVD: CNNVD-201809-447 // NVD: CVE-2018-16591

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

problemtype:CWE-425

Trust: 0.1

sources: VULHUB: VHN-126966 // JVNDB: JVNDB-2018-009806 // NVD: CVE-2018-16591

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-447

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201809-447

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009806

PATCH
title:フリートブロードバンドurl:https://www.furuno.com/jp/merchant/fleetbroadband/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-009806

EXTERNAL IDS
db:NVDid:CVE-2018-16591
Trust: 2.6
db:JVNDBid:JVNDB-2018-009806
Trust: 0.8
db:CNNVDid:CNNVD-201809-447
Trust: 0.7
db:VULHUBid:VHN-126966
Trust: 0.1
db:VULMONid:CVE-2018-16591
Trust: 0.1
sources:
            
            
            VULHUB: VHN-126966 // 
            
            
            
            VULMON: CVE-2018-16591 // 
            
            
            
            JVNDB: JVNDB-2018-009806 // 
            
            
            
            CNNVD: CNNVD-201809-447 // 
            
            
            
            NVD: CVE-2018-16591

REFERENCES
url:https://gist.github.com/cyberskr/2c30d964d48b5e1518ded88bd953b710
Trust: 2.6
url:https://cyberskr.com/blog/furuno-felcom.html
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16591
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-16591
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/862.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-126966 // 
            
            
            
            VULMON: CVE-2018-16591 // 
            
            
            
            JVNDB: JVNDB-2018-009806 // 
            
            
            
            CNNVD: CNNVD-201809-447 // 
            
            
            
            NVD: CVE-2018-16591

SOURCES
db:VULHUBid:VHN-126966
db:VULMONid:CVE-2018-16591
db:JVNDBid:JVNDB-2018-009806
db:CNNVDid:CNNVD-201809-447
db:NVDid:CVE-2018-16591

LAST UPDATE DATE
2024-11-23T22:30:17.817000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-126966date:2020-08-24T00:00:00
db:VULMONid:CVE-2018-16591date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-009806date:2018-11-28T00:00:00
db:CNNVDid:CNNVD-201809-447date:2020-08-25T00:00:00
db:NVDid:CVE-2018-16591date:2024-11-21T03:53:00.707

SOURCES RELEASE DATE
db:VULHUBid:VHN-126966date:2018-09-10T00:00:00
db:VULMONid:CVE-2018-16591date:2018-09-10T00:00:00
db:JVNDBid:JVNDB-2018-009806date:2018-11-28T00:00:00
db:CNNVDid:CNNVD-201809-447date:2018-09-11T00:00:00
db:NVDid:CVE-2018-16591date:2018-09-10T17:29:00.587