ID

VAR-201812-0485


CVE

CVE-2018-18871


TITLE

Gigaset Maxwell Basic VoIP phone Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-014390

DESCRIPTION

Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin password without authentication (and without knowing the original password). The Gigaset Maxwell Basic VoIP phone firmware contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Gigaset Maxwell Basic VoIP Phone is an IP phone device. A remote attacker can exploit this vulnerability to modify the administrator password.

Trust: 1.71

sources: NVD: CVE-2018-18871 // JVNDB: JVNDB-2018-014390 // VULHUB: VHN-129474

AFFECTED PRODUCTS

vendor: gigasetpro, model: maxwell basic, scope: eq, version: 2.22.7

Trust: 1.0

vendor: gigaset pro, model: maxwell basic, scope: eq, version: 2.22.7

Trust: 0.8

sources: JVNDB: JVNDB-2018-014390 // NVD: CVE-2018-18871

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-18871
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-18871
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201812-960
value: CRITICAL

Trust: 0.6

VULHUB: VHN-129474
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-18871
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-129474
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-18871
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-129474 // JVNDB: JVNDB-2018-014390 // CNNVD: CNNVD-201812-960 // NVD: CVE-2018-18871

PROBLEMTYPE DATA

problemtype:CWE-640

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-129474 // JVNDB: JVNDB-2018-014390 // NVD: CVE-2018-18871

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-960

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201812-960

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014390

PATCH

title: Top Page, url: https://www.gigasetpro.com/en/

Trust: 0.8

sources: JVNDB: JVNDB-2018-014390

EXTERNAL IDS

db: NVD, id: CVE-2018-18871

Trust: 2.5

db: JVNDB, id: JVNDB-2018-014390

Trust: 0.8

db: CNNVD, id: CNNVD-201812-960

Trust: 0.7

db: VULHUB, id: VHN-129474

Trust: 0.1

sources: VULHUB: VHN-129474 // JVNDB: JVNDB-2018-014390 // CNNVD: CNNVD-201812-960 // NVD: CVE-2018-18871

REFERENCES

url:https://www.sit.fraunhofer.de/fileadmin/dokumente/cve/advisory_gigaset_maxwell.pdf?_=1541431343

Trust: 2.5

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18871

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-18871

Trust: 0.8

sources: VULHUB: VHN-129474 // JVNDB: JVNDB-2018-014390 // CNNVD: CNNVD-201812-960 // NVD: CVE-2018-18871

SOURCES

db: VULHUB, id: VHN-129474
db: JVNDB, id: JVNDB-2018-014390
db: CNNVD, id: CNNVD-201812-960
db: NVD, id: CVE-2018-18871

LAST UPDATE DATE

2024-11-23T22:41:38.546000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-129474, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2018-014390, date: 2019-03-19T00:00:00
db: CNNVD, id: CNNVD-201812-960, date: 2020-10-22T00:00:00
db: NVD, id: CVE-2018-18871, date: 2024-11-21T03:56:47.313

SOURCES RELEASE DATE

db: VULHUB, id: VHN-129474, date: 2018-12-20T00:00:00
db: JVNDB, id: JVNDB-2018-014390, date: 2019-03-19T00:00:00
db: CNNVD, id: CNNVD-201812-960, date: 2018-12-21T00:00:00
db: NVD, id: CVE-2018-18871, date: 2018-12-20T21:29:00.823