Lucene search

KasperskyCVE-2018-18390

HistoryOct 19, 2018 - 2:29 p.m.

CVE-2018-18390

2018-10-1914:29:00

CWE-200

Kaspersky

web.nvd.nist.gov

cve-2018-18390

moxa

thingspro

iiot gateway

device management

software solutions

user enumeration

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

53.8%

JSON

User Enumeration in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1.

Affected configurations

Nvd

Node

moxathingsproMatch2.1

VendorProductVersionCPE
moxathingspro2.1cpe:2.3:a:moxa:thingspro:2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moxa	thingspro	2.1	cpe:2.3:a:moxa:thingspro:2.1:::::::*

CNA Affected

[
  {
    "product": "ThingsPro IIoT Gateway and Device Management Software Solutions",
    "vendor": "Moxa",
    "versions": [
      {
        "status": "affected",
        "version": "2.1"
      }
    ]
  }
]

References

ics-cert.kaspersky.com/advisories/klcert-advisories/2018/10/18/klcert-18-018-moxa-thingspro-iiot-gateway-and-device-management-software-solutions-user-enumeration/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

53.8%

JSON

Related for CVE-2018-18390