ID

VAR-201901-0852


CVE

CVE-2018-19014


TITLE

Vulnerability related to information leakage from log files in multiple Drager products

Trust: 0.8

sources: JVNDB: JVNDB-2018-014558

DESCRIPTION

Affected products: Drager Infinity Delta, all versions; Delta XL, all versions; Kappa, all versions; and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration. Multiple Drager products contain a vulnerability related to information disclosure from log files. Information may be obtained. Dräger Infinity is prone to multiple security vulnerabilities: 1. A denial-of-service vulnerability. 2. 3. A privilege-escalation vulnerability. An attacker can leverage these issues to cause an affected device to reboot, resulting in a denial-of-service condition, gain access to sensitive information, or gain elevated privileges to perform unauthorized actions.

Trust: 1.98

sources: NVD: CVE-2018-19014 // JVNDB: JVNDB-2018-014558 // BID: 106683 // VULHUB: VHN-129631

AFFECTED PRODUCTS

vendor: draeger, model: kappa, scope: eq, version: *

Trust: 1.0

vendor: draeger, model: infinity explorer c700, scope: eq, version: *

Trust: 1.0

vendor: draeger, model: infinity delta, scope: eq, version: *

Trust: 1.0

vendor: draeger, model: delta xl, scope: eq, version: *

Trust: 1.0

vendor: drager, model: infinity delta xl, scope: -, version: -

Trust: 0.8

vendor: drager, model: infinity delta, scope: -, version: -

Trust: 0.8

vendor: drager, model: infinity explorer c700, scope: -, version: -

Trust: 0.8

vendor: drager, model: infinity kappa, scope: -, version: -

Trust: 0.8

vendor: dräger, model: infinity kappa, scope: eq, version: 0

Trust: 0.3

vendor: dräger, model: infinity explorer c700, scope: eq, version: 0

Trust: 0.3

vendor: dräger, model: infinity delta xl, scope: eq, version: 0

Trust: 0.3

vendor: dräger, model: infinity delta, scope: eq, version: 0

Trust: 0.3

vendor: dräger, model: infinity explorer c700 vf10.1, scope: ne, version: -

Trust: 0.3

sources: BID: 106683 // JVNDB: JVNDB-2018-014558 // NVD: CVE-2018-19014

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-19014
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-19014
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201901-792
value: MEDIUM

Trust: 0.6

VULHUB: VHN-129631
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-19014
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-129631
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-19014
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-129631 // JVNDB: JVNDB-2018-014558 // CNNVD: CNNVD-201901-792 // NVD: CVE-2018-19014

PROBLEMTYPE DATA

problemtype:CWE-532

Trust: 1.9

sources: VULHUB: VHN-129631 // JVNDB: JVNDB-2018-014558 // NVD: CVE-2018-19014

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201901-792

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-201901-792

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014558

PATCH

title: Top Page, url: https://www.draeger.com/en_corp/Home

Trust: 0.8

title: Multiple Drager Product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88916

Trust: 0.6

sources: JVNDB: JVNDB-2018-014558 // CNNVD: CNNVD-201901-792

EXTERNAL IDS

db: NVD, id: CVE-2018-19014

Trust: 2.8

db: ICS CERT, id: ICSMA-19-022-01

Trust: 2.8

db: BID, id: 106683

Trust: 2.0

db: JVNDB, id: JVNDB-2018-014558

Trust: 0.8

db: CNNVD, id: CNNVD-201901-792

Trust: 0.6

db: VULHUB, id: VHN-129631

Trust: 0.1

sources: VULHUB: VHN-129631 // BID: 106683 // JVNDB: JVNDB-2018-014558 // CNNVD: CNNVD-201901-792 // NVD: CVE-2018-19014

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsma-19-022-01

Trust: 2.8

url:http://www.securityfocus.com/bid/106683

Trust: 2.3

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19014

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-19014

Trust: 0.8

url:https://www.draeger.com/en_in/home

Trust: 0.3

url:https://static.draeger.com/security/download/2019-01-22-draeger-infinity-delta-vf10-1-security-advisory.pdf

Trust: 0.3

sources: VULHUB: VHN-129631 // BID: 106683 // JVNDB: JVNDB-2018-014558 // CNNVD: CNNVD-201901-792 // NVD: CVE-2018-19014

CREDITS

Marc Ruef and Rocco Gagliardi from scip AG.

Trust: 0.3

sources: BID: 106683

SOURCES

db: VULHUB, id: VHN-129631
db: BID, id: 106683
db: JVNDB, id: JVNDB-2018-014558
db: CNNVD, id: CNNVD-201901-792
db: NVD, id: CVE-2018-19014

LAST UPDATE DATE

2024-11-23T22:00:08.862000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-129631, date: 2019-10-09T00:00:00
db: BID, id: 106683, date: 2019-01-22T00:00:00
db: JVNDB, id: JVNDB-2018-014558, date: 2019-03-27T00:00:00
db: CNNVD, id: CNNVD-201901-792, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-19014, date: 2024-11-21T03:57:10.087

SOURCES RELEASE DATE

db: VULHUB, id: VHN-129631, date: 2019-01-28T00:00:00
db: BID, id: 106683, date: 2019-01-22T00:00:00
db: JVNDB, id: JVNDB-2018-014558, date: 2019-03-27T00:00:00
db: CNNVD, id: CNNVD-201901-792, date: 2019-01-23T00:00:00
db: NVD, id: CVE-2018-19014, date: 2019-01-28T22:29:00.397