ID

VAR-201904-0582


CVE

CVE-2018-17564


TITLE

Grandstream GXP16xx VoIP phone access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015195

DESCRIPTION

A malformed input string to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device. Grandstream GXP16xx VoIP phones contain an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Grandstream GXP16xx VoIP is the 16XX series of IP phones from Grandstream. An input validation error vulnerability exists in Grandstream GXP16xx VoIP version 1.0.4.128. The vulnerability stems from the failure of the network system or product to properly validate the input data.

Trust: 1.71

sources: NVD: CVE-2018-17564 // JVNDB: JVNDB-2018-015195 // VULHUB: VHN-128036

AFFECTED PRODUCTS

vendor: grandstream // model: gxp1610 // scope: eq // version: 1.0.4.128

Trust: 1.8

vendor: grandstream // model: gxp1615 // scope: eq // version: 1.0.4.128

Trust: 1.8

vendor: grandstream // model: gxp1620 // scope: eq // version: 1.0.4.128

Trust: 1.8

vendor: grandstream // model: gxp1625 // scope: eq // version: 1.0.4.128

Trust: 1.8

vendor: grandstream // model: gxp1628 // scope: eq // version: 1.0.4.128

Trust: 1.8

vendor: grandstream // model: gxp1630 // scope: eq // version: 1.0.4.128

Trust: 1.8

sources: JVNDB: JVNDB-2018-015195 // NVD: CVE-2018-17564

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-17564
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-17564
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201904-033
value: CRITICAL

Trust: 0.6

VULHUB: VHN-128036
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-17564
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-128036
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-17564
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-128036 // JVNDB: JVNDB-2018-015195 // CNNVD: CNNVD-201904-033 // NVD: CVE-2018-17564

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

problemtype:CWE-20

Trust: 0.1

sources: VULHUB: VHN-128036 // JVNDB: JVNDB-2018-015195 // NVD: CVE-2018-17564

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-033

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201904-033

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015195

PATCH

title: Important Firmware News (HD IP Phones) // url: http://www.grandstream.com/support/firmware

Trust: 0.8

title: Grandstream GXP16xx VoIP Fixes for access control error vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90945

Trust: 0.6

sources: JVNDB: JVNDB-2018-015195 // CNNVD: CNNVD-201904-033

EXTERNAL IDS

db: NVD // id: CVE-2018-17564

Trust: 2.5

db: JVNDB // id: JVNDB-2018-015195

Trust: 0.8

db: CNNVD // id: CNNVD-201904-033

Trust: 0.7

db: VULHUB // id: VHN-128036

Trust: 0.1

sources: VULHUB: VHN-128036 // JVNDB: JVNDB-2018-015195 // CNNVD: CNNVD-201904-033 // NVD: CVE-2018-17564

REFERENCES

url:http://grandstream.com/support/firmware

Trust: 1.7

url:https://iridiumxor.wordpress.com/2019/01/03/three-simple-cves-for-a-good-voip-phone/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-17564

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17564

Trust: 0.8

url:http://www.iridiumxor.blog/2019/01/three-simple-cves-for-a-good-voip-phone/

Trust: 0.6

sources: VULHUB: VHN-128036 // JVNDB: JVNDB-2018-015195 // CNNVD: CNNVD-201904-033 // NVD: CVE-2018-17564

SOURCES

db: VULHUB // id: VHN-128036
db: JVNDB // id: JVNDB-2018-015195
db: CNNVD // id: CNNVD-201904-033
db: NVD // id: CVE-2018-17564

LAST UPDATE DATE

2024-11-23T22:58:45.261000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-128036 // date: 2020-08-24T00:00:00
db: JVNDB // id: JVNDB-2018-015195 // date: 2019-05-09T00:00:00
db: CNNVD // id: CNNVD-201904-033 // date: 2020-08-25T00:00:00
db: NVD // id: CVE-2018-17564 // date: 2024-11-21T03:54:36.833

SOURCES RELEASE DATE

db: VULHUB // id: VHN-128036 // date: 2019-04-01T00:00:00
db: JVNDB // id: JVNDB-2018-015195 // date: 2019-05-09T00:00:00
db: CNNVD // id: CNNVD-201904-033 // date: 2019-04-01T00:00:00
db: NVD // id: CVE-2018-17564 // date: 2019-04-01T21:29:26.013