Sign-up

ID

VAR-201903-1188


CVE

CVE-2018-19783


TITLE

Kentix MultiSensor-LAN Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015104

DESCRIPTION

Kentix MultiSensor-LAN 5.63.00 devices and previous allow Authentication Bypass via an Alternate Path or Channel. Kentix MultiSensor-LAN Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Kentix MultiSensor-LAN is a sensor device used in the IT room by Kentix, Germany. The device monitors the status of infrastructure such as IT and server rooms, data centers, and more. An authentication bypass vulnerability exists in Kentix MultiSensor-LAN5.63.00 and earlier, which could allow an attacker to access and use a user-managed web page

Trust: 2.25

sources: NVD: CVE-2018-19783 // JVNDB: JVNDB-2018-015104 // CNVD: CNVD-2019-02515 // VULHUB: VHN-130477

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-02515

AFFECTED PRODUCTS

vendor:kentixmodel:multisensor-lanscope:lteversion:5.63.00

Trust: 1.0

vendor:kentixmodel:multisensor lanscope:eqversion:5.63.00

Trust: 0.8

vendor:kentixmodel:multisensor-lanscope:lteversion:<=5.63.00

Trust: 0.6

sources: CNVD: CNVD-2019-02515 // JVNDB: JVNDB-2018-015104 // NVD: CVE-2018-19783

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-19783
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-19783
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-02515
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201901-768
value: CRITICAL

Trust: 0.6

VULHUB: VHN-130477
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-19783
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-02515
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-130477
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-19783
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-02515 // VULHUB: VHN-130477 // JVNDB: JVNDB-2018-015104 // CNNVD: CNNVD-201901-768 // NVD: CVE-2018-19783

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-130477 // JVNDB: JVNDB-2018-015104 // NVD: CVE-2018-19783

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-768

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201901-768

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015104

PATCH
title:Top Pageurl:https://kentix.com/en/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-015104

EXTERNAL IDS
db:NVDid:CVE-2018-19783
Trust: 3.1
db:PACKETSTORMid:151237
Trust: 2.3
db:JVNDBid:JVNDB-2018-015104
Trust: 0.8
db:CNNVDid:CNNVD-201901-768
Trust: 0.7
db:CNVDid:CNVD-2019-02515
Trust: 0.6
db:VULHUBid:VHN-130477
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-02515 // 
            
            
            
            VULHUB: VHN-130477 // 
            
            
            
            JVNDB: JVNDB-2018-015104 // 
            
            
            
            CNNVD: CNNVD-201901-768 // 
            
            
            
            NVD: CVE-2018-19783

REFERENCES
url:https://seclists.org/bugtraq/2019/jan/21
Trust: 2.5
url:http://packetstormsecurity.com/files/151237/kentix-multisensor-lan-5.63.00-authentication-bypass.html
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2018-19783
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19783
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-02515 // 
            
            
            
            VULHUB: VHN-130477 // 
            
            
            
            JVNDB: JVNDB-2018-015104 // 
            
            
            
            CNNVD: CNNVD-201901-768 // 
            
            
            
            NVD: CVE-2018-19783

SOURCES
db:CNVDid:CNVD-2019-02515
db:VULHUBid:VHN-130477
db:JVNDBid:JVNDB-2018-015104
db:CNNVDid:CNNVD-201901-768
db:NVDid:CVE-2018-19783

LAST UPDATE DATE
2024-11-23T22:06:18.191000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-02515date:2019-01-23T00:00:00
db:VULHUBid:VHN-130477date:2019-03-27T00:00:00
db:JVNDBid:JVNDB-2018-015104date:2019-04-25T00:00:00
db:CNNVDid:CNNVD-201901-768date:2019-04-03T00:00:00
db:NVDid:CVE-2018-19783date:2024-11-21T03:58:32.683

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-02515date:2019-01-23T00:00:00
db:VULHUBid:VHN-130477date:2019-03-21T00:00:00
db:JVNDBid:JVNDB-2018-015104date:2019-04-25T00:00:00
db:CNNVDid:CNNVD-201901-768date:2019-01-21T00:00:00
db:NVDid:CVE-2018-19783date:2019-03-21T16:00:32.813