Sign-up

ID

VAR-201812-0708


CVE

CVE-2018-20397


TITLE

mplus CBC383Z Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013531

DESCRIPTION

mplus CBC383Z CBC383Z_mplus_MDr026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. mplus CBC383Z The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. mplus CBC383Z is a modem product. A security vulnerability exists in mplus CBC383Z CBC383Z_mplus_MDr026 version

Trust: 1.71

sources: NVD: CVE-2018-20397 // JVNDB: JVNDB-2018-013531 // VULHUB: VHN-131199

AFFECTED PRODUCTS

vendor:mplustecmodel:cbc383zscope:eqversion:cbc383z_mplus_mdr026

Trust: 1.6

vendor:mplusmodel:cbc383zscope:eqversion:cbc383z_mplus_mdr026

Trust: 0.8

sources: JVNDB: JVNDB-2018-013531 // CNNVD: CNNVD-201812-1055 // NVD: CVE-2018-20397

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20397
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-20397
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201812-1055
value: CRITICAL

Trust: 0.6

VULHUB: VHN-131199
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-20397
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-131199
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-20397
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-131199 // JVNDB: JVNDB-2018-013531 // CNNVD: CNNVD-201812-1055 // NVD: CVE-2018-20397

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-255

Trust: 0.8

sources: VULHUB: VHN-131199 // JVNDB: JVNDB-2018-013531 // NVD: CVE-2018-20397

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1055

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1055

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013531

EXTERNAL IDS
db:NVDid:CVE-2018-20397
Trust: 2.5
db:JVNDBid:JVNDB-2018-013531
Trust: 0.8
db:CNNVDid:CNNVD-201812-1055
Trust: 0.7
db:VULHUBid:VHN-131199
Trust: 0.1
sources:
            
            
            VULHUB: VHN-131199 // 
            
            
            
            JVNDB: JVNDB-2018-013531 // 
            
            
            
            CNNVD: CNNVD-201812-1055 // 
            
            
            
            NVD: CVE-2018-20397

REFERENCES
url:https://github.com/ezelf/sensitivesoids/blob/master/oidpassswordleaks.csv
Trust: 2.5
url:https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20397
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-20397
Trust: 0.8
sources:
            
            
            VULHUB: VHN-131199 // 
            
            
            
            JVNDB: JVNDB-2018-013531 // 
            
            
            
            CNNVD: CNNVD-201812-1055 // 
            
            
            
            NVD: CVE-2018-20397

SOURCES
db:VULHUBid:VHN-131199
db:JVNDBid:JVNDB-2018-013531
db:CNNVDid:CNNVD-201812-1055
db:NVDid:CVE-2018-20397

LAST UPDATE DATE
2024-11-23T22:45:08.085000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-131199date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-013531date:2019-02-22T00:00:00
db:CNNVDid:CNNVD-201812-1055date:2019-10-23T00:00:00
db:NVDid:CVE-2018-20397date:2024-11-21T04:01:24.340

SOURCES RELEASE DATE
db:VULHUBid:VHN-131199date:2018-12-23T00:00:00
db:JVNDBid:JVNDB-2018-013531date:2019-02-22T00:00:00
db:CNNVDid:CNNVD-201812-1055date:2018-12-24T00:00:00
db:NVDid:CVE-2018-20397date:2018-12-23T21:29:01.357