ID

VAR-202012-1268


CVE

CVE-2018-7580


TITLE

Philips Hue  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2018-016530

DESCRIPTION

Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the lights, and all of the hub's functionality will be unresponsive. The cloud service also won't work with the hub

Trust: 1.71

sources: NVD: CVE-2018-7580 // JVNDB: JVNDB-2018-016530 // VULMON: CVE-2018-7580

AFFECTED PRODUCTS

vendor:philipsmodel:huescope:eqversion:*

Trust: 1.0

vendor:フィリップスmodel:huescope:eqversion: -

Trust: 0.8

vendor:フィリップスmodel:huescope:eqversion:hue firmware

Trust: 0.8

sources: JVNDB: JVNDB-2018-016530 // NVD: CVE-2018-7580

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2018-7580
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202012-1427
value: HIGH

Trust: 0.6

VULMON: CVE-2018-7580
value: MEDIUM

Trust: 0.1

NVD: CVE-2018-7580
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.9

NVD: CVE-2018-7580
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-7580
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2018-7580 // JVNDB: JVNDB-2018-016530 // CNNVD: CNNVD-202012-1427 // NVD: CVE-2018-7580

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2018-016530 // NVD: CVE-2018-7580

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1427

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202012-1427

CONFIGURATIONS

sources: NVD: CVE-2018-7580

PATCH

title:Top Pageurl:https://www.philips.nl/

Trust: 0.8

sources: JVNDB: JVNDB-2018-016530

EXTERNAL IDS

db:NVDid:CVE-2018-7580

Trust: 2.5

db:PACKETSTORMid:160724

Trust: 1.7

db:JVNDBid:JVNDB-2018-016530

Trust: 0.8

db:CNNVDid:CNNVD-202012-1427

Trust: 0.6

db:VULMONid:CVE-2018-7580

Trust: 0.1

sources: VULMON: CVE-2018-7580 // JVNDB: JVNDB-2018-016530 // CNNVD: CNNVD-202012-1427 // NVD: CVE-2018-7580

REFERENCES

url:http://seclists.org/fulldisclosure/2020/dec/51

Trust: 2.5

url:http://packetstormsecurity.com/files/160724/philips-hue-denial-of-service.html

Trust: 2.3

url:https://www.iliashn.com/cve-2018-7580/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-7580

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2018-7580 // JVNDB: JVNDB-2018-016530 // CNNVD: CNNVD-202012-1427 // NVD: CVE-2018-7580

CREDITS

Ilia Shnaidman

Trust: 0.6

sources: CNNVD: CNNVD-202012-1427

SOURCES

db:VULMONid:CVE-2018-7580
db:JVNDBid:JVNDB-2018-016530
db:CNNVDid:CNNVD-202012-1427
db:NVDid:CVE-2018-7580

LAST UPDATE DATE

2022-08-10T22:39:00.473000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2018-7580date:2020-12-29T00:00:00
db:JVNDBid:JVNDB-2018-016530date:2021-08-24T09:04:00
db:CNNVDid:CNNVD-202012-1427date:2022-08-10T00:00:00
db:NVDid:CVE-2018-7580date:2022-08-06T03:45:00

SOURCES RELEASE DATE

db:VULMONid:CVE-2018-7580date:2020-12-21T00:00:00
db:JVNDBid:JVNDB-2018-016530date:2021-08-24T00:00:00
db:CNNVDid:CNNVD-202012-1427date:2020-12-21T00:00:00
db:NVDid:CVE-2018-7580date:2020-12-21T21:15:00