Lucene search

[email protected]CVE-2018-11541

HistoryJul 09, 2018 - 12:29 p.m.

CVE-2018-11541

2018-07-0912:29:00

CWE-862

[email protected]

web.nvd.nist.gov

cve-2018-11541

sonus

sbc

privilege escalation

vulnerability

unauthorised access

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.8%

JSON

A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140.

Affected configurations

NVD

Node

ribboncommunicationssonus_sbc_1000_firmwareMatch6.0.0

ribboncommunicationssonus_sbc_1000_firmwareMatch6.1.0

ribboncommunicationssonus_sbc_1000_firmwareMatch7.0.0

AND

ribboncommunicationssonus_sbc_1000Match-

Node

ribboncommunicationssonus_sbc_2000_firmwareMatch6.0.0

ribboncommunicationssonus_sbc_2000_firmwareMatch6.1.0

ribboncommunicationssonus_sbc_2000_firmwareMatch7.0.0

AND

ribboncommunicationssonus_sbc_2000Match-

Node

ribboncommunicationssbc_swe_lite_webMatch6.1.0

ribboncommunicationssbc_swe_lite_webMatch7.0.0

CPENameOperatorVersion
ribboncommunications:sonus_sbc_1000_firmwareribboncommunications sonus sbc 1000 firmwareeq6.0.0
ribboncommunications:sonus_sbc_1000_firmwareribboncommunications sonus sbc 1000 firmwareeq6.1.0
ribboncommunications:sonus_sbc_1000_firmwareribboncommunications sonus sbc 1000 firmwareeq7.0.0

CPE	Name	Operator	Version
ribboncommunications:sonus_sbc_1000_firmware	ribboncommunications sonus sbc 1000 firmware	eq	6.0.0
ribboncommunications:sonus_sbc_1000_firmware	ribboncommunications sonus sbc 1000 firmware	eq	6.1.0
ribboncommunications:sonus_sbc_1000_firmware	ribboncommunications sonus sbc 1000 firmware	eq	7.0.0

References

gist.github.com/CyberSKR/0134dff8f48d2e7b87227c554404bfcb

support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6+Release+Notes

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.8%

JSON

Related for CVE-2018-11541

cvelist1 prion1 nvd1