ID

VAR-201812-0672


CVE

CVE-2018-20380


TITLE

Vulnerabilities related to certificate and password management in multiple Ambit devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013834

DESCRIPTION

Ambit DDW2600 5.100.1009, DDW2602 5.105.1003, T60C926 4.64.1012, and U10C019 5.66.1026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Multiple Ambit devices contain vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Ambit DDW2600 and the other listed devices are all modem products. There are security vulnerabilities in several Ambit products. The following products and versions are affected: Ambit DDW2600 version 5.100.1009; DDW2602 version 5.105.1003; T60C926 version 4.64.1012; U10C019 version 5.66.1026.

Trust: 1.71

sources: NVD: CVE-2018-20380 // JVNDB: JVNDB-2018-013834 // VULHUB: VHN-131181

AFFECTED PRODUCTS

vendor: ubeeinteractive, model: ambit ddw2602, scope: eq, version: 5.105.1003

Trust: 1.0

vendor: ubeeinteractive, model: ambit ddw2600, scope: eq, version: 5.100.1009

Trust: 1.0

vendor: ubeeinteractive, model: ambit t60c926, scope: eq, version: 4.64.1012

Trust: 1.0

vendor: ubeeinteractive, model: ambit u10c019, scope: eq, version: 5.66.1026

Trust: 1.0

vendor: ubee interactive, model: ambit ddw2600, scope: eq, version: 5.100.1009

Trust: 0.8

vendor: ubee interactive, model: ambit ddw2602, scope: eq, version: 5.105.1003

Trust: 0.8

vendor: ubee interactive, model: ambit t60c926, scope: eq, version: 4.64.1012

Trust: 0.8

vendor: ubee interactive, model: ambit u10c019, scope: eq, version: 5.66.1026

Trust: 0.8

sources: JVNDB: JVNDB-2018-013834 // NVD: CVE-2018-20380

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20380
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-20380
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201812-1038
value: CRITICAL

Trust: 0.6

VULHUB: VHN-131181
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-20380
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-131181
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-20380
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-131181 // JVNDB: JVNDB-2018-013834 // CNNVD: CNNVD-201812-1038 // NVD: CVE-2018-20380

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-131181 // JVNDB: JVNDB-2018-013834 // NVD: CVE-2018-20380

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1038

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1038

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013834

PATCH

title: Top Page, url: http://www.ubeeinteractive.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-013834

EXTERNAL IDS

db: NVD, id: CVE-2018-20380

Trust: 2.5

db: JVNDB, id: JVNDB-2018-013834

Trust: 0.8

db: CNNVD, id: CNNVD-201812-1038

Trust: 0.7

db: VULHUB, id: VHN-131181

Trust: 0.1

sources: VULHUB: VHN-131181 // JVNDB: JVNDB-2018-013834 // CNNVD: CNNVD-201812-1038 // NVD: CVE-2018-20380

REFERENCES

url:https://github.com/ezelf/sensitivesoids/blob/master/oidpassswordleaks.csv

Trust: 2.5

url:https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20380

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-20380

Trust: 0.8

sources: VULHUB: VHN-131181 // JVNDB: JVNDB-2018-013834 // CNNVD: CNNVD-201812-1038 // NVD: CVE-2018-20380

SOURCES

db: VULHUB, id: VHN-131181
db: JVNDB, id: JVNDB-2018-013834
db: CNNVD, id: CNNVD-201812-1038
db: NVD, id: CVE-2018-20380

LAST UPDATE DATE

2024-11-23T22:30:10.450000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-131181, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2018-013834, date: 2019-03-04T00:00:00
db: CNNVD, id: CNNVD-201812-1038, date: 2020-10-22T00:00:00
db: NVD, id: CVE-2018-20380, date: 2024-11-21T04:01:21.867

SOURCES RELEASE DATE

db: VULHUB, id: VHN-131181, date: 2018-12-23T00:00:00
db: JVNDB, id: JVNDB-2018-013834, date: 2019-03-04T00:00:00
db: CNNVD, id: CNNVD-201812-1038, date: 2018-12-24T00:00:00
db: NVD, id: CVE-2018-20380, date: 2018-12-23T21:29:00.280