Details of VAR-201812-0679

ID

VAR-201812-0679

CVE

CVE-2018-20387

TITLE

plural Bnmux Vulnerabilities related to certificate and password management in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-013415

DESCRIPTION

Bnmux BCW700J 5.20.7, BCW710J 5.30.6a, and BCW710J2 5.30.16 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Bnmux BCW700J , BCW710J , BCW710J2 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Bnmux BCW700J, BCW710J and BCW710J2 are all modem products of Japan Broad Net Mux (Bnmux) company. There are security vulnerabilities in Bnmux BCW700J version 5.20.7, BCW710J version 5.30.6a and BCW710J2 version 5.30.16

Trust: 1.71

sources: NVD: CVE-2018-20387 // JVNDB: JVNDB-2018-013415 // VULHUB: VHN-131188

AFFECTED PRODUCTS

vendor:	bnmux	model:	bcw700j	scope:	eq	version:	5.20.7	Trust: 1.6
vendor:	bnmux	model:	bcw710j2	scope:	eq	version:	5.30.16	Trust: 1.6
vendor:	bnmux	model:	bcw710j	scope:	eq	version:	5.30.6a	Trust: 1.6
vendor:	sumitomo electric industries	model:	bcw700j	scope:	eq	version:	5.20.7	Trust: 0.8
vendor:	sumitomo electric industries	model:	bcw710j	scope:	eq	version:	5.30.6a	Trust: 0.8
vendor:	sumitomo electric industries	model:	bcw710j2	scope:	eq	version:	5.30.16	Trust: 0.8

sources: JVNDB: JVNDB-2018-013415 // CNNVD: CNNVD-201812-1045 // NVD: CVE-2018-20387

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-20387
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-20387
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201812-1045
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-131188
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-20387
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-131188
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-20387
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-131188 // JVNDB: JVNDB-2018-013415 // CNNVD: CNNVD-201812-1045 // NVD: CVE-2018-20387

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-255	Trust: 0.8

sources: VULHUB: VHN-131188 // JVNDB: JVNDB-2018-013415 // NVD: CVE-2018-20387

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1045

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1045

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013415

PATCH

title:

Top Page

url:

https://sei.co.jp/

Trust: 0.8

sources: JVNDB: JVNDB-2018-013415

EXTERNAL IDS

db:	NVD	id:	CVE-2018-20387	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-013415	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-1045	Trust: 0.7
db:	VULHUB	id:	VHN-131188	Trust: 0.1

sources: VULHUB: VHN-131188 // JVNDB: JVNDB-2018-013415 // CNNVD: CNNVD-201812-1045 // NVD: CVE-2018-20387

REFERENCES

url:	https://github.com/ezelf/sensitivesoids/blob/master/oidpassswordleaks.csv	Trust: 2.5
url:	https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20387	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20387	Trust: 0.8

sources: VULHUB: VHN-131188 // JVNDB: JVNDB-2018-013415 // CNNVD: CNNVD-201812-1045 // NVD: CVE-2018-20387

SOURCES

db:	VULHUB	id:	VHN-131188
db:	JVNDB	id:	JVNDB-2018-013415
db:	CNNVD	id:	CNNVD-201812-1045
db:	NVD	id:	CVE-2018-20387

LAST UPDATE DATE

2024-11-23T22:26:06.158000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-131188	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013415	date:	2019-02-20T00:00:00
db:	CNNVD	id:	CNNVD-201812-1045	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-20387	date:	2024-11-21T04:01:22.920

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-131188	date:	2018-12-23T00:00:00
db:	JVNDB	id:	JVNDB-2018-013415	date:	2019-02-20T00:00:00
db:	CNNVD	id:	CNNVD-201812-1045	date:	2018-12-24T00:00:00
db:	NVD	id:	CVE-2018-20387	date:	2018-12-23T21:29:00.717