Sign-up

ID

VAR-201907-1135


CVE

CVE-2018-14529


TITLE

Invoxia NVX220 Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-23983 // CNNVD: CNNVD-201907-320

DESCRIPTION

Invoxia NVX220 devices allow access to /bin/sh via escape from a restricted CLI, leading to disclosure of password hashes. Invoxia NVX220 The device contains an information disclosure vulnerability.Information may be obtained. The Invoxia NVX220 is an IP phone from Invoxia, France. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component

Trust: 2.34

sources: NVD: CVE-2018-14529 // JVNDB: JVNDB-2018-015842 // CNVD: CNVD-2019-23983 // VULHUB: VHN-124697 // VULMON: CVE-2018-14529

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-23983

AFFECTED PRODUCTS

vendor:invoxiamodel:nvx220scope: - version: -

Trust: 1.4

vendor:invoxiamodel:nvx220scope:eqversion: -

Trust: 1.0

sources: CNVD: CNVD-2019-23983 // JVNDB: JVNDB-2018-015842 // NVD: CVE-2018-14529

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14529
value: HIGH

Trust: 1.0

NVD: CVE-2018-14529
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-23983
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201907-320
value: HIGH

Trust: 0.6

VULHUB: VHN-124697
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-14529
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-14529
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-23983
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-124697
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-14529
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-23983 // VULHUB: VHN-124697 // VULMON: CVE-2018-14529 // JVNDB: JVNDB-2018-015842 // CNNVD: CNNVD-201907-320 // NVD: CVE-2018-14529

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-124697 // JVNDB: JVNDB-2018-015842 // NVD: CVE-2018-14529

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-320

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201907-320

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015842

PATCH
title:Top Pageurl:https://www.invoxia.com/intl
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-015842

EXTERNAL IDS
db:NVDid:CVE-2018-14529
Trust: 3.2
db:JVNDBid:JVNDB-2018-015842
Trust: 0.8
db:CNNVDid:CNNVD-201907-320
Trust: 0.7
db:CNVDid:CNVD-2019-23983
Trust: 0.6
db:VULHUBid:VHN-124697
Trust: 0.1
db:VULMONid:CVE-2018-14529
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-23983 // 
            
            
            
            VULHUB: VHN-124697 // 
            
            
            
            VULMON: CVE-2018-14529 // 
            
            
            
            JVNDB: JVNDB-2018-015842 // 
            
            
            
            CNNVD: CNNVD-201907-320 // 
            
            
            
            NVD: CVE-2018-14529

REFERENCES
url:https://gitlab.com/r3dlight/cve-2018-14529
Trust: 2.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-14529
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14529
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-23983 // 
            
            
            
            VULHUB: VHN-124697 // 
            
            
            
            VULMON: CVE-2018-14529 // 
            
            
            
            JVNDB: JVNDB-2018-015842 // 
            
            
            
            CNNVD: CNNVD-201907-320 // 
            
            
            
            NVD: CVE-2018-14529

SOURCES
db:CNVDid:CNVD-2019-23983
db:VULHUBid:VHN-124697
db:VULMONid:CVE-2018-14529
db:JVNDBid:JVNDB-2018-015842
db:CNNVDid:CNNVD-201907-320
db:NVDid:CVE-2018-14529

LAST UPDATE DATE
2024-11-23T22:25:53.628000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-23983date:2019-07-23T00:00:00
db:VULHUBid:VHN-124697date:2019-07-11T00:00:00
db:VULMONid:CVE-2018-14529date:2019-07-11T00:00:00
db:JVNDBid:JVNDB-2018-015842date:2019-07-12T00:00:00
db:CNNVDid:CNNVD-201907-320date:2019-07-12T00:00:00
db:NVDid:CVE-2018-14529date:2024-11-21T03:49:16.400

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-23983date:2019-07-23T00:00:00
db:VULHUBid:VHN-124697date:2019-07-05T00:00:00
db:VULMONid:CVE-2018-14529date:2019-07-05T00:00:00
db:JVNDBid:JVNDB-2018-015842date:2019-07-12T00:00:00
db:CNNVDid:CNNVD-201907-320date:2019-07-05T00:00:00
db:NVDid:CVE-2018-14529date:2019-07-05T20:15:13.797