Lucene search

MitreCVE-2018-13355

HistoryNov 27, 2018 - 9:29 p.m.

CVE-2018-13355

2018-11-2721:29:00

CWE-732

mitre

web.nvd.nist.gov

cve-2018-13355

incorrect access controls

ajaxdata.php

terramaster tos

unauthorized user group creation

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

19.5%

JSON

Incorrect access controls in ajaxdata.php in TerraMaster TOS version 3.1.03 allow attackers to create user groups without proper authorization.

Affected configurations

Nvd

Node

terra-masterterramaster_operating_systemMatch3.1.03

VendorProductVersionCPE
terra-masterterramaster_operating_system3.1.03cpe:2.3:o:terra-master:terramaster_operating_system:3.1.03:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
terra-master	terramaster_operating_system	3.1.03	cpe:2.3:o:terra-master:terramaster_operating_system:3.1.03:::::::*

References

blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

19.5%

JSON

Related for CVE-2018-13355