Sign-up

ID

VAR-201809-1082


CVE

CVE-2018-7104


TITLE

HPE Intelligent Management Center Wireless Services Manager Software Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-010406

DESCRIPTION

A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02. The solution provides network-wide visibility for comprehensive management of resources, services and users. Wireless Service Manager (WSM) Software is one of the wireless service management software. The vulnerability is caused by the program not validating the length of user-submitted data before copying it into a fixed-length stack-based buffer. A remote attacker could exploit this vulnerability to execute arbitrary code

Trust: 1.8

sources: NVD: CVE-2018-7104 // JVNDB: JVNDB-2018-010406 // VULHUB: VHN-137136 // VULMON: CVE-2018-7104

AFFECTED PRODUCTS

vendor:hpmodel:intelligent management center wireless services manager softwarescope:eqversion:7.3

Trust: 1.6

vendor:hpmodel:intelligent management center wireless services manager softwarescope:ltversion:7.3

Trust: 1.0

vendor:hewlett packardmodel:hpe intelligent management center wireless service managerscope:ltversion:7.3 e0506p02

Trust: 0.8

sources: JVNDB: JVNDB-2018-010406 // CNNVD: CNNVD-201809-1231 // NVD: CVE-2018-7104

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7104
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-7104
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201809-1231
value: CRITICAL

Trust: 0.6

VULHUB: VHN-137136
value: HIGH

Trust: 0.1

VULMON: CVE-2018-7104
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-7104
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-137136
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7104
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-137136 // VULMON: CVE-2018-7104 // JVNDB: JVNDB-2018-010406 // CNNVD: CNNVD-201809-1231 // NVD: CVE-2018-7104

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-137136 // JVNDB: JVNDB-2018-010406 // NVD: CVE-2018-7104

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-1231

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201809-1231

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010406

PATCH
title:hpesbhf03893en_usurl:https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03893en_us
Trust: 0.8
title:HPE Intelligent Management Center Wireless Services Manager Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85247
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-010406 // 
            
            
            
            CNNVD: CNNVD-201809-1231

EXTERNAL IDS
db:NVDid:CVE-2018-7104
Trust: 2.6
db:JVNDBid:JVNDB-2018-010406
Trust: 0.8
db:CNNVDid:CNNVD-201809-1231
Trust: 0.7
db:VULHUBid:VHN-137136
Trust: 0.1
db:VULMONid:CVE-2018-7104
Trust: 0.1
sources:
            
            
            VULHUB: VHN-137136 // 
            
            
            
            VULMON: CVE-2018-7104 // 
            
            
            
            JVNDB: JVNDB-2018-010406 // 
            
            
            
            CNNVD: CNNVD-201809-1231 // 
            
            
            
            NVD: CVE-2018-7104

REFERENCES
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03893en_us
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7104
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7104
Trust: 0.8
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03893en_us
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-137136 // 
            
            
            
            VULMON: CVE-2018-7104 // 
            
            
            
            JVNDB: JVNDB-2018-010406 // 
            
            
            
            CNNVD: CNNVD-201809-1231 // 
            
            
            
            NVD: CVE-2018-7104

SOURCES
db:VULHUBid:VHN-137136
db:VULMONid:CVE-2018-7104
db:JVNDBid:JVNDB-2018-010406
db:CNNVDid:CNNVD-201809-1231
db:NVDid:CVE-2018-7104

LAST UPDATE DATE
2024-11-23T23:04:57.912000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-137136date:2020-08-24T00:00:00
db:VULMONid:CVE-2018-7104date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-010406date:2018-12-13T00:00:00
db:CNNVDid:CNNVD-201809-1231date:2020-10-22T00:00:00
db:NVDid:CVE-2018-7104date:2024-11-21T04:11:39.050

SOURCES RELEASE DATE
db:VULHUBid:VHN-137136date:2018-09-27T00:00:00
db:VULMONid:CVE-2018-7104date:2018-09-27T00:00:00
db:JVNDBid:JVNDB-2018-010406date:2018-12-13T00:00:00
db:CNNVDid:CNNVD-201809-1231date:2018-09-28T00:00:00
db:NVDid:CVE-2018-7104date:2018-09-27T18:29:00.673