ID

VAR-201812-1196


CVE

CVE-2018-7364


TITLE

ZTE ZXIN10 Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013000

DESCRIPTION

All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by an improper access control vulnerability. Due to improper access control to the devcomm process, an unauthorized remote attacker can exploit this vulnerability to execute arbitrary code with root privileges. ZTE ZXIN10 contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). ZTE ZXIN10 is a comprehensive intelligent network system developed by China ZTE Corporation (ZTE). The system mainly provides cross-network intelligent network services for fixed network users, GSM and CDMA mobile network users, and paging network users.

Trust: 1.8

sources: NVD: CVE-2018-7364 // JVNDB: JVNDB-2018-013000 // VULHUB: VHN-137396 // VULMON: CVE-2018-7364

AFFECTED PRODUCTS

vendor: zte, model: zxin10, scope: lt, version: resv1.01.44

Trust: 1.0

vendor: zte, model: zxin10, scope: lte, version: zxinos-resv1.01.43

Trust: 0.8

vendor: zte, model: zxin10, scope: eq, version: resv1.01.43

Trust: 0.6

sources: JVNDB: JVNDB-2018-013000 // CNNVD: CNNVD-201812-298 // NVD: CVE-2018-7364

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7364
value: CRITICAL

Trust: 1.0

psirt@zte.com.cn: CVE-2018-7364
value: HIGH

Trust: 1.0

NVD: CVE-2018-7364
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201812-298
value: CRITICAL

Trust: 0.6

VULHUB: VHN-137396
value: HIGH

Trust: 0.1

VULMON: CVE-2018-7364
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-7364
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-137396
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7364
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

psirt@zte.com.cn: CVE-2018-7364
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 6.0
version: 3.0

Trust: 1.0

NVD: CVE-2018-7364
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-137396 // VULMON: CVE-2018-7364 // JVNDB: JVNDB-2018-013000 // CNNVD: CNNVD-201812-298 // NVD: CVE-2018-7364 // NVD: CVE-2018-7364

PROBLEMTYPE DATA

problemtype: CWE-284

Trust: 1.9

problemtype: NVD-CWE-Other

Trust: 1.0

sources: VULHUB: VHN-137396 // JVNDB: JVNDB-2018-013000 // NVD: CVE-2018-7364

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-298

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201812-298

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013000

PATCH

title: Improper Access Control Vulnerability in ZTE ZXIN10 Product
url: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009943

Trust: 0.8

title: ZTE ZXIN10-Orange Enter the fix for the verification vulnerability
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=87564

Trust: 0.6

sources: JVNDB: JVNDB-2018-013000 // CNNVD: CNNVD-201812-298

EXTERNAL IDS

db: NVD, id: CVE-2018-7364

Trust: 2.6

db: ZTE, id: 1009943

Trust: 1.8

db: JVNDB, id: JVNDB-2018-013000

Trust: 0.8

db: CNNVD, id: CNNVD-201812-298

Trust: 0.7

db: VULHUB, id: VHN-137396

Trust: 0.1

db: VULMON, id: CVE-2018-7364

Trust: 0.1

sources: VULHUB: VHN-137396 // VULMON: CVE-2018-7364 // JVNDB: JVNDB-2018-013000 // CNNVD: CNNVD-201812-298 // NVD: CVE-2018-7364

REFERENCES

url: http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1009943

Trust: 3.5

url: https://github.com/orangecertcc/security-research/security/advisories/ghsa-34f2-7h57-rg7p

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7364

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-7364

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/284.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-137396 // VULMON: CVE-2018-7364 // JVNDB: JVNDB-2018-013000 // CNNVD: CNNVD-201812-298 // NVD: CVE-2018-7364

SOURCES

db: VULHUB, id: VHN-137396
db: VULMON, id: CVE-2018-7364
db: JVNDB, id: JVNDB-2018-013000
db: CNNVD, id: CNNVD-201812-298
db: NVD, id: CVE-2018-7364

LAST UPDATE DATE

2024-11-23T22:17:10.081000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-137396, date: 2023-03-01T00:00:00
db: VULMON, id: CVE-2018-7364, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2018-013000, date: 2019-02-12T00:00:00
db: CNNVD, id: CNNVD-201812-298, date: 2023-03-02T00:00:00
db: NVD, id: CVE-2018-7364, date: 2024-11-21T04:12:04.613

SOURCES RELEASE DATE

db: VULHUB, id: VHN-137396, date: 2018-12-07T00:00:00
db: VULMON, id: CVE-2018-7364, date: 2018-12-07T00:00:00
db: JVNDB, id: JVNDB-2018-013000, date: 2019-02-12T00:00:00
db: CNNVD, id: CNNVD-201812-298, date: 2018-12-10T00:00:00
db: NVD, id: CVE-2018-7364, date: 2018-12-07T14:29:00.727