Details of VAR-201812-0056

ID

VAR-201812-0056

CVE

CVE-2018-15721

TITLE

Logitech Harmony Hub Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014131

DESCRIPTION

The XMPP server in Logitech Harmony Hub before version 4.15.206 is vulnerable to authentication bypass via a crafted XMPP request. Remote attackers can use this vulnerability to gain access to the local API. Logitech Harmony Hub Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.62

sources: NVD: CVE-2018-15721 // JVNDB: JVNDB-2018-014131

IOT TAXONOMY

category:

['network device']

sub_category:

hub

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:

logitech

model:

harmony hub

scope:

version:

4.15.206

Trust: 1.8

sources: JVNDB: JVNDB-2018-014131 // NVD: CVE-2018-15721

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-15721
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-15721
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201812-957
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2018-15721
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2018-15721
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: JVNDB: JVNDB-2018-014131 // CNNVD: CNNVD-201812-957 // NVD: CVE-2018-15721

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2018-014131 // NVD: CVE-2018-15721

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-957

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201812-957

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014131

PATCH

title:	Harmony Hub firmware (v4.15.206)	url:	https://support.myharmony.com/en-de/release-notes	Trust: 0.8
title:	Logitech Harmony Hub XMPP Server security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88115	Trust: 0.6

sources: JVNDB: JVNDB-2018-014131 // CNNVD: CNNVD-201812-957

EXTERNAL IDS

db:	NVD	id:	CVE-2018-15721	Trust: 2.5
db:	TENABLE	id:	TRA-2018-47	Trust: 2.4
db:	JVNDB	id:	JVNDB-2018-014131	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-957	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2018-014131 // CNNVD: CNNVD-201812-957 // NVD: CVE-2018-15721

REFERENCES

url:	https://www.tenable.com/security/research/tra-2018-47	Trust: 2.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15721	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15721	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2018-014131 // CNNVD: CNNVD-201812-957 // NVD: CVE-2018-15721

SOURCES

db:	OTHER	id:	-
db:	JVNDB	id:	JVNDB-2018-014131
db:	CNNVD	id:	CNNVD-201812-957
db:	NVD	id:	CVE-2018-15721

LAST UPDATE DATE

2025-01-30T21:17:13.744000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2018-014131	date:	2019-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201812-957	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-15721	date:	2024-11-21T03:51:20.473

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2018-014131	date:	2019-03-12T00:00:00
db:	CNNVD	id:	CNNVD-201812-957	date:	2018-12-21T00:00:00
db:	NVD	id:	CVE-2018-15721	date:	2018-12-20T21:29:00.680