Details of VAR-201903-0959

ID

VAR-201903-0959

CVE

CVE-2018-18473

TITLE

plural PATLITE Vulnerabilities related to the use of hard-coded credentials in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-015162

DESCRIPTION

A hidden backdoor on PATLITE NH-FB Series devices with firmware version 1.45 or earlier, NH-FV Series devices with firmware version 1.10 or earlier, and NBM Series devices with firmware version 1.09 or earlier allow attackers to enable an SSH daemon via the "kankichi" or "kamiyo4" password to the _secret1.htm URI. Subsequently, the default password of root for the root account allows an attacker to conduct remote code execution and as a result take over the system. PATLITE NBM-D88N , NHL-3FB1 , NHL-3FV1N Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. A trust management issue vulnerability exists in PATLITE NH-FB Series, NH-FV Series, and NBM Series. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components

Trust: 1.8

sources: NVD: CVE-2018-18473 // JVNDB: JVNDB-2018-015162 // VULHUB: VHN-129036 // VULMON: CVE-2018-18473

AFFECTED PRODUCTS

vendor:	patlite	model:	nhl-3fv1n	scope:	eq	version:	-	Trust: 1.0
vendor:	patlite	model:	nhl-3fb1	scope:	eq	version:	-	Trust: 1.0
vendor:	patlite	model:	nbm-d88n	scope:	eq	version:	-	Trust: 1.0
vendor:	patlite	model:	nbm-d88n	scope:	-	version:	-	Trust: 0.8
vendor:	patlite	model:	nhl-3fb1	scope:	-	version:	-	Trust: 0.8
vendor:	patlite	model:	nhl-3fv1n	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-015162 // NVD: CVE-2018-18473

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-18473
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-18473
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201903-710
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-129036
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-18473
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-18473
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-129036
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-18473
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-129036 // VULMON: CVE-2018-18473 // JVNDB: JVNDB-2018-015162 // CNNVD: CNNVD-201903-710 // NVD: CVE-2018-18473

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.9

sources: VULHUB: VHN-129036 // JVNDB: JVNDB-2018-015162 // NVD: CVE-2018-18473

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-710

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201903-710

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015162

PATCH

title:	NH-FB シリーズ	url:	https://www.patlite.jp/support/nh-spl.html	Trust: 0.8
title:	NH-FV シリーズ	url:	https://www.patlite.jp/support/nh-fv.html	Trust: 0.8
title:	NBM-D88	url:	https://www.patlite.jp/support/nbm.html	Trust: 0.8

sources: JVNDB: JVNDB-2018-015162

EXTERNAL IDS

db:	NVD	id:	CVE-2018-18473	Trust: 2.6
db:	JVNDB	id:	JVNDB-2018-015162	Trust: 0.8
db:	CNNVD	id:	CNNVD-201903-710	Trust: 0.7
db:	VULHUB	id:	VHN-129036	Trust: 0.1
db:	VULMON	id:	CVE-2018-18473	Trust: 0.1

sources: VULHUB: VHN-129036 // VULMON: CVE-2018-18473 // JVNDB: JVNDB-2018-015162 // CNNVD: CNNVD-201903-710 // NVD: CVE-2018-18473

REFERENCES

url:	https://herolab.usd.de/wp-content/uploads/sites/4/usd20180020.txt	Trust: 2.6
url:	https://www.patlite.com/support/security_informationtest.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18473	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18473	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/798.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-129036 // VULMON: CVE-2018-18473 // JVNDB: JVNDB-2018-015162 // CNNVD: CNNVD-201903-710 // NVD: CVE-2018-18473

SOURCES

db:	VULHUB	id:	VHN-129036
db:	VULMON	id:	CVE-2018-18473
db:	JVNDB	id:	JVNDB-2018-015162
db:	CNNVD	id:	CNNVD-201903-710
db:	NVD	id:	CVE-2018-18473

LAST UPDATE DATE

2024-11-23T22:30:07.712000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-129036	date:	2019-09-09T00:00:00
db:	VULMON	id:	CVE-2018-18473	date:	2019-09-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-015162	date:	2019-09-02T00:00:00
db:	CNNVD	id:	CNNVD-201903-710	date:	2019-09-10T00:00:00
db:	NVD	id:	CVE-2018-18473	date:	2024-11-21T03:55:59.830

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-129036	date:	2019-03-21T00:00:00
db:	VULMON	id:	CVE-2018-18473	date:	2019-03-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-015162	date:	2019-05-08T00:00:00
db:	CNNVD	id:	CNNVD-201903-710	date:	2019-03-21T00:00:00
db:	NVD	id:	CVE-2018-18473	date:	2019-03-21T16:00:28.467