Details of VAR-201810-0755

ID

VAR-201810-0755

CVE

CVE-2018-18071

TITLE

iOS for Daimler Mercedes-Benz Me Information disclosure vulnerability in application devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013353

DESCRIPTION

An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as latitude, longitude, and direction of travel. iOS for Daimler Mercedes-Benz Me An application contains an information disclosure vulnerability.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2018-18071 // JVNDB: JVNDB-2018-013353

IOT TAXONOMY

category:

['vehicle device']

sub_category:

vehicle

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	mercedes benz	model:	me	scope:	eq	version:	2.11.0	Trust: 1.6
vendor:	mercedes benz	model:	me	scope:	eq	version:	2.11.0-846	Trust: 0.8

sources: JVNDB: JVNDB-2018-013353 // CNNVD: CNNVD-201810-443 // NVD: CVE-2018-18071

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-18071
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-18071
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201810-443
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2018-18071
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2018-18071
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: JVNDB: JVNDB-2018-013353 // CNNVD: CNNVD-201810-443 // NVD: CVE-2018-18071

PROBLEMTYPE DATA

problemtype:	CWE-319	Trust: 1.0
problemtype:	CWE-200	Trust: 0.8

sources: JVNDB: JVNDB-2018-013353 // NVD: CVE-2018-18071

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-443

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201810-443

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013353

PATCH

title:

Mercedes me アプリ

url:

https://www.mercedes-benz.com/jp/me/inspire/mercedes-me-app/

Trust: 0.8

sources: JVNDB: JVNDB-2018-013353

EXTERNAL IDS

db:	NVD	id:	CVE-2018-18071	Trust: 2.5
db:	VULDB	id:	125081	Trust: 1.6
db:	JVNDB	id:	JVNDB-2018-013353	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-443	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2018-013353 // CNNVD: CNNVD-201810-443 // NVD: CVE-2018-18071

REFERENCES

url:	https://www.scip.ch/en/?labs.20180405	Trust: 2.4
url:	https://vuldb.com/?id.125081	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18071	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18071	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2018-013353 // CNNVD: CNNVD-201810-443 // NVD: CVE-2018-18071

SOURCES

db:	OTHER	id:	-
db:	JVNDB	id:	JVNDB-2018-013353
db:	CNNVD	id:	CNNVD-201810-443
db:	NVD	id:	CVE-2018-18071

LAST UPDATE DATE

2025-01-30T20:59:14.430000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2018-013353	date:	2019-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201810-443	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-18071	date:	2024-11-21T03:55:26.210

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2018-013353	date:	2019-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201810-443	date:	2018-10-10T00:00:00
db:	NVD	id:	CVE-2018-18071	date:	2018-10-09T09:29:00.400