Sign-up

ID

VAR-201812-0712


CVE

CVE-2018-20401


TITLE

Zoom 5352 Vulnerabilities related to certificate and password management in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-013537

DESCRIPTION

Zoom 5352 v5.5.8.6Y devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. Zoom 5352 The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Zoom5352 is a modem device from ZoomTelephonics of the United States. An information disclosure vulnerability exists in the Zoom53525.5.8.6Y version

Trust: 2.25

sources: NVD: CVE-2018-20401 // JVNDB: JVNDB-2018-013537 // CNVD: CNVD-2018-26376 // VULHUB: VHN-131204

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-26376

AFFECTED PRODUCTS

vendor:zoomtelmodel:5352scope:eqversion:5.5.8.6y

Trust: 1.6

vendor:zoom telephonicsmodel:model 5352scope:eqversion:5.5.8.6y

Trust: 0.8

vendor:zoom telephonicsmodel:5.5.8.6yscope:eqversion:5352

Trust: 0.6

sources: CNVD: CNVD-2018-26376 // JVNDB: JVNDB-2018-013537 // CNNVD: CNNVD-201812-1059 // NVD: CVE-2018-20401

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-20401
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-20401
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-26376
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201812-1059
value: CRITICAL

Trust: 0.6

VULHUB: VHN-131204
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-20401
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-26376
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-131204
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-20401
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-26376 // VULHUB: VHN-131204 // JVNDB: JVNDB-2018-013537 // CNNVD: CNNVD-201812-1059 // NVD: CVE-2018-20401

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-255

Trust: 0.8

sources: VULHUB: VHN-131204 // JVNDB: JVNDB-2018-013537 // NVD: CVE-2018-20401

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1059

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1059

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013537

PATCH
title:Model 5352url:http://www.zoomtel.com/products/5352.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-013537

EXTERNAL IDS
db:NVDid:CVE-2018-20401
Trust: 3.1
db:JVNDBid:JVNDB-2018-013537
Trust: 0.8
db:CNNVDid:CNNVD-201812-1059
Trust: 0.7
db:CNVDid:CNVD-2018-26376
Trust: 0.6
db:VULHUBid:VHN-131204
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-26376 // 
            
            
            
            VULHUB: VHN-131204 // 
            
            
            
            JVNDB: JVNDB-2018-013537 // 
            
            
            
            CNNVD: CNNVD-201812-1059 // 
            
            
            
            NVD: CVE-2018-20401

REFERENCES
url:https://github.com/ezelf/sensitivesoids/blob/master/oidpassswordleaks.csv
Trust: 3.1
url:https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html
Trust: 2.3
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20401
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-20401
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-26376 // 
            
            
            
            VULHUB: VHN-131204 // 
            
            
            
            JVNDB: JVNDB-2018-013537 // 
            
            
            
            CNNVD: CNNVD-201812-1059 // 
            
            
            
            NVD: CVE-2018-20401

SOURCES
db:CNVDid:CNVD-2018-26376
db:VULHUBid:VHN-131204
db:JVNDBid:JVNDB-2018-013537
db:CNNVDid:CNNVD-201812-1059
db:NVDid:CVE-2018-20401

LAST UPDATE DATE
2024-11-23T22:00:10.352000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-26376date:2018-12-25T00:00:00
db:VULHUBid:VHN-131204date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-013537date:2019-02-22T00:00:00
db:CNNVDid:CNNVD-201812-1059date:2019-10-23T00:00:00
db:NVDid:CVE-2018-20401date:2024-11-21T04:01:24.893

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-26376date:2018-12-25T00:00:00
db:VULHUBid:VHN-131204date:2018-12-23T00:00:00
db:JVNDBid:JVNDB-2018-013537date:2019-02-22T00:00:00
db:CNNVDid:CNNVD-201812-1059date:2018-12-24T00:00:00
db:NVDid:CVE-2018-20401date:2018-12-23T21:29:01.577