Details of VAR-201911-1740

ID

VAR-201911-1740

CVE

CVE-2018-20687

TITLE

Raritan CommandCenter Secure Gateway In XML External entity vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-012246

DESCRIPTION

An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Raritan CommandCenter Secure Gateway Is XML An external entity vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The product provides features such as remote control, centralized authentication, authorization, and logging. A code issue vulnerability exists in Raritan CC-SG versions prior to 8.0.0. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products. I. CVE REFERENCE ------------------------- CVE-2018-20687 III. VENDOR ------------------------- https://www.raritan.com/support/product/commandcenter-secure-gateway IV. TIMELINE ------------------------ 04/01/2019 Vulnerability discovered 07/01/2019 Vendor contacted V. CREDIT ------------------------- Okan Coşkun from Biznet Bilisim A.S. Faruk Ünal From Biznet Bilisim A.S. VI. DESCRIPTION ------------------------- Raritan CommandCenter Secure Gateway version prior 8.0.0 affected by XXE. A remote unauthenticated attacker may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts by using this vulnerability. Vulnerable path: /CommandCenterWebServices/.* VII. SOLUTION ------------------------- Update current CommandCenter Secure Gateway VIII. REFERENCES ------------------------- You can find more information about XXE from the link below: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing

Trust: 1.8

sources: NVD: CVE-2018-20687 // JVNDB: JVNDB-2019-012246 // VULHUB: VHN-131518 // PACKETSTORM: 155359

AFFECTED PRODUCTS

vendor:	raritan	model:	commandcenter secure gateway	scope:	lt	version:	8.0.0	Trust: 1.8
vendor:	raritan	model:	commandcenter secure gateway	scope:	eq	version:	6.2.0	Trust: 0.6
vendor:	raritan	model:	commandcenter secure gateway	scope:	eq	version:	7.0.0	Trust: 0.6
vendor:	raritan	model:	commandcenter secure gateway	scope:	eq	version:	4.2.0	Trust: 0.6
vendor:	raritan	model:	commandcenter secure gateway	scope:	eq	version:	5.1.0	Trust: 0.6
vendor:	raritan	model:	commandcenter secure gateway	scope:	eq	version:	4.3.0	Trust: 0.6
vendor:	raritan	model:	commandcenter secure gateway	scope:	eq	version:	5.2.0	Trust: 0.6
vendor:	raritan	model:	commandcenter secure gateway	scope:	eq	version:	6.1.0	Trust: 0.6
vendor:	raritan	model:	commandcenter secure gateway	scope:	eq	version:	5.0.5	Trust: 0.6
vendor:	raritan	model:	commandcenter secure gateway	scope:	eq	version:	6.0.0	Trust: 0.6
vendor:	raritan	model:	commandcenter secure gateway	scope:	eq	version:	5.3.0	Trust: 0.6

sources: JVNDB: JVNDB-2019-012246 // CNNVD: CNNVD-201911-1051 // NVD: CVE-2018-20687

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-20687
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-20687
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201911-1051
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-131518
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-20687
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-131518
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-20687
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2018-20687
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-131518 // JVNDB: JVNDB-2019-012246 // CNNVD: CNNVD-201911-1051 // NVD: CVE-2018-20687

PROBLEMTYPE DATA

problemtype:

CWE-611

Trust: 1.9

sources: VULHUB: VHN-131518 // JVNDB: JVNDB-2019-012246 // NVD: CVE-2018-20687

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 155359 // CNNVD: CNNVD-201911-1051

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201911-1051

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-012246

PATCH

title:	Top Page	url:	https://www.raritan.com/jp/products/power/dcim-software/power-iq	Trust: 0.8
title:	Raritan CommandCenter Secure Gateway Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103088	Trust: 0.6

sources: JVNDB: JVNDB-2019-012246 // CNNVD: CNNVD-201911-1051

EXTERNAL IDS

db:	NVD	id:	CVE-2018-20687	Trust: 2.6
db:	PACKETSTORM	id:	155359	Trust: 1.8
db:	JVNDB	id:	JVNDB-2019-012246	Trust: 0.8
db:	CNNVD	id:	CNNVD-201911-1051	Trust: 0.7
db:	VULHUB	id:	VHN-131518	Trust: 0.1

sources: VULHUB: VHN-131518 // JVNDB: JVNDB-2019-012246 // PACKETSTORM: 155359 // CNNVD: CNNVD-201911-1051 // NVD: CVE-2018-20687

REFERENCES

url:	http://seclists.org/fulldisclosure/2019/nov/11	Trust: 2.5
url:	http://packetstormsecurity.com/files/155359/raritan-commandcenter-secure-gateway-xml-injection.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20687	Trust: 1.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20687	Trust: 0.8
url:	https://www.raritan.com/support/product/commandcenter-secure-gateway	Trust: 0.1
url:	https://www.owasp.org/index.php/xml_external_entity_(xxe)_processing	Trust: 0.1

sources: VULHUB: VHN-131518 // JVNDB: JVNDB-2019-012246 // PACKETSTORM: 155359 // CNNVD: CNNVD-201911-1051 // NVD: CVE-2018-20687

CREDITS

Okan Coskun

Trust: 0.6

sources: CNNVD: CNNVD-201911-1051

SOURCES

db:	VULHUB	id:	VHN-131518
db:	JVNDB	id:	JVNDB-2019-012246
db:	PACKETSTORM	id:	155359
db:	CNNVD	id:	CNNVD-201911-1051
db:	NVD	id:	CVE-2018-20687

LAST UPDATE DATE

2024-11-23T22:21:23.727000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-131518	date:	2019-11-21T00:00:00
db:	JVNDB	id:	JVNDB-2019-012246	date:	2019-11-27T00:00:00
db:	CNNVD	id:	CNNVD-201911-1051	date:	2019-12-02T00:00:00
db:	NVD	id:	CVE-2018-20687	date:	2024-11-21T04:02:00.033

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-131518	date:	2019-11-18T00:00:00
db:	JVNDB	id:	JVNDB-2019-012246	date:	2019-11-27T00:00:00
db:	PACKETSTORM	id:	155359	date:	2019-11-15T21:32:42
db:	CNNVD	id:	CNNVD-201911-1051	date:	2019-11-15T00:00:00
db:	NVD	id:	CVE-2018-20687	date:	2019-11-18T19:15:12.467