Sign-up

ID

VAR-201812-1197


CVE

CVE-2018-7365


TITLE

ZXCLOUD iRAI Vulnerabilities related to untrusted search paths

Trust: 0.8

sources: JVNDB: JVNDB-2018-014215

DESCRIPTION

All versions up to ZXCLOUD iRAI V5.01.05 of the ZTE uSmartView product are impacted by untrusted search path vulnerability, which may allow an unauthorized user to perform unauthorized operations. ZXCLOUD iRAI Contains an unreliable search path vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ZTE uSmartView is China's ZTE Corporation ( ZTE ) company's cloud office desktop

Trust: 1.71

sources: NVD: CVE-2018-7365 // JVNDB: JVNDB-2018-014215 // VULHUB: VHN-137397

AFFECTED PRODUCTS

vendor:ztemodel:zxcloud iraiscope:lteversion:5.01.05

Trust: 1.8

vendor:ztemodel:usmartviewscope:eqversion: -

Trust: 1.0

vendor:ztemodel:usmartviewscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-014215 // NVD: CVE-2018-7365

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7365
value: HIGH

Trust: 1.0

psirt@zte.com.cn: CVE-2018-7365
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-7365
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201812-878
value: HIGH

Trust: 0.6

VULHUB: VHN-137397
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7365
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-137397
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7365
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

psirt@zte.com.cn: CVE-2018-7365
baseSeverity: MEDIUM
baseScore: 5.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.0
impactScore: 3.7
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-137397 // JVNDB: JVNDB-2018-014215 // CNNVD: CNNVD-201812-878 // NVD: CVE-2018-7365 // NVD: CVE-2018-7365

PROBLEMTYPE DATA

problemtype:CWE-426

Trust: 1.9

sources: VULHUB: VHN-137397 // JVNDB: JVNDB-2018-014215 // NVD: CVE-2018-7365

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-878

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-878

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014215

PATCH
title:Untrusted Search Path Vulnerability in ZTE USmartView Producturl:http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010005
Trust: 0.8
title:ZTE uSmartView ZXCLOUD iRAI Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88056
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014215 // 
            
            
            
            CNNVD: CNNVD-201812-878

EXTERNAL IDS
db:NVDid:CVE-2018-7365
Trust: 2.5
db:ZTEid:1010005
Trust: 1.7
db:JVNDBid:JVNDB-2018-014215
Trust: 0.8
db:CNNVDid:CNNVD-201812-878
Trust: 0.7
db:VULHUBid:VHN-137397
Trust: 0.1
sources:
            
            
            VULHUB: VHN-137397 // 
            
            
            
            JVNDB: JVNDB-2018-014215 // 
            
            
            
            CNNVD: CNNVD-201812-878 // 
            
            
            
            NVD: CVE-2018-7365

REFERENCES
url:http://support.zte.com.cn/support/news/loopholeinfodetail.aspx?newsid=1010005
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7365
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7365
Trust: 0.8
sources:
            
            
            VULHUB: VHN-137397 // 
            
            
            
            JVNDB: JVNDB-2018-014215 // 
            
            
            
            CNNVD: CNNVD-201812-878 // 
            
            
            
            NVD: CVE-2018-7365

SOURCES
db:VULHUBid:VHN-137397
db:JVNDBid:JVNDB-2018-014215
db:CNNVDid:CNNVD-201812-878
db:NVDid:CVE-2018-7365

LAST UPDATE DATE
2024-11-23T22:51:53.338000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-137397date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-014215date:2019-03-14T00:00:00
db:CNNVDid:CNNVD-201812-878date:2019-10-17T00:00:00
db:NVDid:CVE-2018-7365date:2024-11-21T04:12:04.743

SOURCES RELEASE DATE
db:VULHUBid:VHN-137397date:2018-12-20T00:00:00
db:JVNDBid:JVNDB-2018-014215date:2019-03-14T00:00:00
db:CNNVDid:CNNVD-201812-878date:2018-12-21T00:00:00
db:NVDid:CVE-2018-7365date:2018-12-20T14:29:00.790