ID

VAR-201812-0675


CVE

CVE-2018-20383


TITLE

Vulnerabilities related to certificate and password management in ARRIS DG950A and DG950S devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013414

DESCRIPTION

ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. The ARRIS DG950A and DG950S devices contain vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Both the ARRIS DG950A and DG950S are cable modems from Arris Group Corporation in the United States. A security vulnerability exists in ARRIS DG950A version 7.10.145 and DG950S version 7.10.145.EURO.

Trust: 1.71

sources: NVD: CVE-2018-20383 // JVNDB: JVNDB-2018-013414 // VULHUB: VHN-131184

AFFECTED PRODUCTS

vendor: arris, model: dg950s, scope: eq, version: 7.10.145.euro

Trust: 1.6

vendor: commscope, model: arris dg950a, scope: eq, version: 7.10.145

Trust: 1.0

vendor: arris group, model: dg950a, scope: eq, version: 7.10.145

Trust: 0.8

vendor: arris group, model: dg950s, scope: eq, version: 7.10.145.euro

Trust: 0.8

vendor: arris, model: dg950a, scope: eq, version: 7.10.145

Trust: 0.6

sources: JVNDB: JVNDB-2018-013414 // CNNVD: CNNVD-201812-1041 // NVD: CVE-2018-20383

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20383
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-20383
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201812-1041
value: CRITICAL

Trust: 0.6

VULHUB: VHN-131184
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-20383
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-131184
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-20383
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-20383
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-131184 // JVNDB: JVNDB-2018-013414 // CNNVD: CNNVD-201812-1041 // NVD: CVE-2018-20383

PROBLEMTYPE DATA

problemtype: CWE-522

Trust: 1.1

problemtype: CWE-255

Trust: 0.8

sources: VULHUB: VHN-131184 // JVNDB: JVNDB-2018-013414 // NVD: CVE-2018-20383

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1041

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1041

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013414

PATCH

title: Top Page, url: https://www.arris.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-013414

EXTERNAL IDS

db: NVD, id: CVE-2018-20383

Trust: 2.5

db: JVNDB, id: JVNDB-2018-013414

Trust: 0.8

db: CNNVD, id: CNNVD-201812-1041

Trust: 0.7

db: VULHUB, id: VHN-131184

Trust: 0.1

sources: VULHUB: VHN-131184 // JVNDB: JVNDB-2018-013414 // CNNVD: CNNVD-201812-1041 // NVD: CVE-2018-20383

REFERENCES

url: https://github.com/ezelf/sensitivesoids/blob/master/oidpassswordleaks.csv

Trust: 2.5

url: https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20383

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-20383

Trust: 0.8

sources: VULHUB: VHN-131184 // JVNDB: JVNDB-2018-013414 // CNNVD: CNNVD-201812-1041 // NVD: CVE-2018-20383

SOURCES

db: VULHUB, id: VHN-131184
db: JVNDB, id: JVNDB-2018-013414
db: CNNVD, id: CNNVD-201812-1041
db: NVD, id: CVE-2018-20383

LAST UPDATE DATE

2024-11-23T21:52:37.748000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-131184, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-013414, date: 2019-02-20T00:00:00
db: CNNVD, id: CNNVD-201812-1041, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-20383, date: 2024-11-21T04:01:22.300

SOURCES RELEASE DATE

db: VULHUB, id: VHN-131184, date: 2018-12-23T00:00:00
db: JVNDB, id: JVNDB-2018-013414, date: 2019-02-20T00:00:00
db: CNNVD, id: CNNVD-201812-1041, date: 2018-12-24T00:00:00
db: NVD, id: CVE-2018-20383, date: 2018-12-23T21:29:00.483