ID

VAR-202012-1268


CVE

CVE-2018-7580


TITLE

Philips Hue Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2018-016530

DESCRIPTION

Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the lights, and all of the hub's functionality will be unresponsive. The cloud service also won't work with the hub.

Trust: 1.71

sources: NVD: CVE-2018-7580 // JVNDB: JVNDB-2018-016530 // VULMON: CVE-2018-7580

AFFECTED PRODUCTS

vendor: philips, model: hue, scope: eq, version: *

Trust: 1.0

vendor: Philips, model: hue, scope: eq, version: -

Trust: 0.8

vendor: Philips, model: hue, scope: eq, version: hue firmware

Trust: 0.8

sources: JVNDB: JVNDB-2018-016530 // NVD: CVE-2018-7580

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2018-7580
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202012-1427
value: HIGH

Trust: 0.6

VULMON: CVE-2018-7580
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2018-7580
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.9

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2018-7580
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2018-7580 // JVNDB: JVNDB-2018-016530 // NVD: CVE-2018-7580 // CNNVD: CNNVD-202012-1427

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2018-016530 // NVD: CVE-2018-7580

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202012-1427

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202012-1427

CONFIGURATIONS

sources: NVD: CVE-2018-7580

PATCH

title: Top Page, url: https://www.philips.nl/

Trust: 0.8

sources: JVNDB: JVNDB-2018-016530

EXTERNAL IDS

db: NVD, id: CVE-2018-7580

Trust: 2.5

db: PACKETSTORM, id: 160724

Trust: 1.7

db: JVNDB, id: JVNDB-2018-016530

Trust: 0.8

db: CNNVD, id: CNNVD-202012-1427

Trust: 0.6

db: VULMON, id: CVE-2018-7580

Trust: 0.1

sources: VULMON: CVE-2018-7580 // JVNDB: JVNDB-2018-016530 // NVD: CVE-2018-7580 // CNNVD: CNNVD-202012-1427

REFERENCES

url:http://seclists.org/fulldisclosure/2020/dec/51

Trust: 2.5

url:http://packetstormsecurity.com/files/160724/philips-hue-denial-of-service.html

Trust: 2.3

url:https://www.iliashn.com/cve-2018-7580/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-7580

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2018-7580 // JVNDB: JVNDB-2018-016530 // NVD: CVE-2018-7580 // CNNVD: CNNVD-202012-1427

CREDITS

Ilia Shnaidman

Trust: 0.6

sources: CNNVD: CNNVD-202012-1427

SOURCES

db: VULMON, id: CVE-2018-7580
db: JVNDB, id: JVNDB-2018-016530
db: NVD, id: CVE-2018-7580
db: CNNVD, id: CNNVD-202012-1427

LAST UPDATE DATE

2023-12-18T12:55:45.803000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2018-7580, date: 2020-12-29T00:00:00
db: JVNDB, id: JVNDB-2018-016530, date: 2021-08-24T09:04:00
db: NVD, id: CVE-2018-7580, date: 2022-08-06T03:45:58.647
db: CNNVD, id: CNNVD-202012-1427, date: 2022-08-10T00:00:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2018-7580, date: 2020-12-21T00:00:00
db: JVNDB, id: JVNDB-2018-016530, date: 2021-08-24T00:00:00
db: NVD, id: CVE-2018-7580, date: 2020-12-21T21:15:12.603
db: CNNVD, id: CNNVD-202012-1427, date: 2020-12-21T00:00:00