Sign-up

ID

VAR-201811-0018


CVE

CVE-2018-10587


TITLE

NetGain Enterprise Manager In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011786

DESCRIPTION

NetGain Enterprise Manager (EM) is affected by OS Command Injection vulnerabilities in versions before 10.0.57. These vulnerabilities could allow remote authenticated attackers to inject arbitrary code, resulting in remote code execution. NetGainEnterpriseManager (EM) is a plug-and-play hardware IT architecture monitoring and management device developed by NetGainSystems

Trust: 2.16

sources: NVD: CVE-2018-10587 // JVNDB: JVNDB-2018-011786 // CNVD: CNVD-2019-09276

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-09276

AFFECTED PRODUCTS

vendor:netgainmodel:enterprise managerscope:ltversion:10.0.57

Trust: 1.8

vendor:netgainmodel:systems netgain enterprise managerscope:ltversion:10.0.57

Trust: 0.6

sources: CNVD: CNVD-2019-09276 // JVNDB: JVNDB-2018-011786 // NVD: CVE-2018-10587

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10587
value: HIGH

Trust: 1.0

NVD: CVE-2018-10587
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-09276
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201811-009
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2018-10587
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-09276
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-10587
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-09276 // JVNDB: JVNDB-2018-011786 // CNNVD: CNNVD-201811-009 // NVD: CVE-2018-10587

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2018-011786 // NVD: CVE-2018-10587

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-009

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201811-009

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011786

PATCH
title:Top Pageurl:http://www.netgain-systems.com/
Trust: 0.8
title:NetGainEnterpriseManagerOS command injection vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/158247
Trust: 0.6
title:Netgain Enterprise Manager Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86563
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-09276 // 
            
            
            
            JVNDB: JVNDB-2018-011786 // 
            
            
            
            CNNVD: CNNVD-201811-009

EXTERNAL IDS
db:NVDid:CVE-2018-10587
Trust: 3.0
db:JVNDBid:JVNDB-2018-011786
Trust: 0.8
db:CNVDid:CNVD-2019-09276
Trust: 0.6
db:CNNVDid:CNNVD-201811-009
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-09276 // 
            
            
            
            JVNDB: JVNDB-2018-011786 // 
            
            
            
            CNNVD: CNNVD-201811-009 // 
            
            
            
            NVD: CVE-2018-10587

REFERENCES
url:https://www.wizlynxgroup.com/security-research-advisories/vuln/wlx-2018-004
Trust: 2.4
url:https://nvd.nist.gov/vuln/detail/cve-2018-10587
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10587
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-09276 // 
            
            
            
            JVNDB: JVNDB-2018-011786 // 
            
            
            
            CNNVD: CNNVD-201811-009 // 
            
            
            
            NVD: CVE-2018-10587

SOURCES
db:CNVDid:CNVD-2019-09276
db:JVNDBid:JVNDB-2018-011786
db:CNNVDid:CNNVD-201811-009
db:NVDid:CVE-2018-10587

LAST UPDATE DATE
2024-11-23T21:52:40.463000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-09276date:2019-04-04T00:00:00
db:JVNDBid:JVNDB-2018-011786date:2019-01-23T00:00:00
db:CNNVDid:CNNVD-201811-009date:2018-11-02T00:00:00
db:NVDid:CVE-2018-10587date:2024-11-21T03:41:36.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-09276date:2019-04-04T00:00:00
db:JVNDBid:JVNDB-2018-011786date:2019-01-23T00:00:00
db:CNNVDid:CNNVD-201811-009date:2018-11-02T00:00:00
db:NVDid:CVE-2018-10587date:2018-11-01T17:29:00.327