ID

VAR-201905-0986


CVE

CVE-2018-7083


TITLE

Aruba Instant Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-015421

DESCRIPTION

If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba Instant web interface. Core dumps could contain sensitive information such as keys and passwords.

Workaround: Block access to the Aruba Instant web interface from all untrusted users.

Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0.

Siemens SCALANCE W1750D is prone to the following security vulnerabilities:

1. Multiple information disclosure vulnerabilities
2. A cross-site-scripting vulnerability
3. Multiple remote command injection vulnerabilities

Attackers can exploit these issues to obtain sensitive information, or execute arbitrary commands or arbitrary HTML or script code in the browser of an unsuspecting user within the context of the affected application. This can allow the attacker to steal cookie-based authentication credentials and aid in further attacks. Versions prior to SCALANCE W1750D 8.4.0.1 are vulnerable.

Trust: 1.98

sources: NVD: CVE-2018-7083 // JVNDB: JVNDB-2018-015421 // BID: 108374 // VULMON: CVE-2018-7083

AFFECTED PRODUCTS

vendor: arubanetworks, model: aruba instant, scope: gte, version: 8.3.0

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: lt, version: 4.2.4.12

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: lt, version: 8.3.0.6

Trust: 1.0

vendor: siemens, model: scalance w1750d, scope: lt, version: 8.4.0.1

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: gte, version: 6.5.0

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: lt, version: 6.5.4.11

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: gte, version: 4.0

Trust: 1.0

vendor: aruba, model: instant ap, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance w1750d, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance w1750d, scope: eq, version: 0

Trust: 0.3

vendor: siemens, model: scalance w1750d, scope: ne, version: 8.4.0.1

Trust: 0.3

sources: BID: 108374 // JVNDB: JVNDB-2018-015421 // NVD: CVE-2018-7083

CVSS

SEVERITY

NVD: CVE-2018-7083
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201903-059
value: HIGH

Trust: 0.6

VULMON: CVE-2018-7083
value: MEDIUM

Trust: 0.1

CVSSV2

VULMON: CVE-2018-7083
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CVSSV3

NVD: CVE-2018-7083
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 1.8

sources: VULMON: CVE-2018-7083 // JVNDB: JVNDB-2018-015421 // CNNVD: CNNVD-201903-059 // NVD: CVE-2018-7083

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2018-015421 // NVD: CVE-2018-7083

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-059

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201903-059

CONFIGURATIONS

sources: NVD: CVE-2018-7083

PATCH

title: ARUBA-PSA-2019-001
url: http://www.arubanetworks.com/assets/alert/aruba-psa-2019-001.txt

Trust: 0.8

title: SSA-549547
url: https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf

Trust: 0.8

title: Aruba Networks Instant Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98212

Trust: 0.6

title: Siemens Security Advisories: Siemens Security Advisory
url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=f04f471bbc12c6e00cc683978d7f0589

Trust: 0.1

sources: VULMON: CVE-2018-7083 // JVNDB: JVNDB-2018-015421 // CNNVD: CNNVD-201903-059

EXTERNAL IDS

db: NVD, id: CVE-2018-7083

Trust: 2.8

db: BID, id: 108374

Trust: 2.0

db: ICS CERT, id: ICSA-19-134-07

Trust: 1.8

db: SIEMENS, id: SSA-549547

Trust: 1.7

db: JVNDB, id: JVNDB-2018-015421

Trust: 0.8

db: ICS CERT, id: ICSA-19-134-02

Trust: 0.6

db: AUSCERT, id: ESB-2019.1716.2

Trust: 0.6

db: CNNVD, id: CNNVD-201903-059

Trust: 0.6

db: VULMON, id: CVE-2018-7083

Trust: 0.1

sources: VULMON: CVE-2018-7083 // BID: 108374 // JVNDB: JVNDB-2018-015421 // CNNVD: CNNVD-201903-059 // NVD: CVE-2018-7083

REFERENCES

url: http://www.securityfocus.com/bid/108374

Trust: 2.4

url: http://www.arubanetworks.com/assets/alert/aruba-psa-2019-001.txt

Trust: 1.7

url: https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2018-7083

Trust: 1.4

url: https://ics-cert.us-cert.gov/advisories/icsa-19-134-07

Trust: 1.0

url: http://www.siemens.com/

Trust: 0.9

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7083

Trust: 0.8

url: https://www.us-cert.gov/ics/advisories/icsa-19-134-07

Trust: 0.8

url: https://ics-cert.us-cert.gov/advisories/icsa-19-134-02-0

Trust: 0.6

url: https://vigilance.fr/vulnerability/alcatel-lucent-enterprise-omniaccess-wlan-instant-multiple-vulnerabilities-28646

Trust: 0.6

url: https://www.auscert.org.au/bulletins/80946

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2018-7083 // BID: 108374 // JVNDB: JVNDB-2018-015421 // CNNVD: CNNVD-201903-059 // NVD: CVE-2018-7083

CREDITS

Siemens reported these vulnerabilities to NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201903-059

SOURCES

db: VULMON, id: CVE-2018-7083
db: BID, id: 108374
db: JVNDB, id: JVNDB-2018-015421
db: CNNVD, id: CNNVD-201903-059
db: NVD, id: CVE-2018-7083

LAST UPDATE DATE

2022-05-04T08:54:09.632000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2018-7083, date: 2019-05-20T00:00:00
db: BID, id: 108374, date: 2019-05-14T00:00:00
db: JVNDB, id: JVNDB-2018-015421, date: 2019-07-08T00:00:00
db: CNNVD, id: CNNVD-201903-059, date: 2019-09-12T00:00:00
db: NVD, id: CVE-2018-7083, date: 2019-05-20T16:29:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2018-7083, date: 2019-05-10T00:00:00
db: BID, id: 108374, date: 2019-05-14T00:00:00
db: JVNDB, id: JVNDB-2018-015421, date: 2019-06-04T00:00:00
db: CNNVD, id: CNNVD-201903-059, date: 2019-03-04T00:00:00
db: NVD, id: CVE-2018-7083, date: 2019-05-10T17:29:00