Lucene search

MitreCVE-2018-20399

HistoryDec 23, 2018 - 9:29 p.m.

CVE-2018-20399

2018-12-2321:29:01

CWE-522

mitre

web.nvd.nist.gov

motorola

sbg901

sbg941

svg1202

snmp

remote attackers

credentials

vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.02

Percentile

89.0%

JSON

Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Affected configurations

Nvd

Node

motorolasbg901_firmwareMatchsbg901-2.10.1.1-ga-00-581-nosh

AND

motorolasbg901Match1.0

Node

motorolasbg941_firmwareMatchsbg941-2.11.0.0-ga-07-624-nosh

AND

motorolasbg941Match1.0

Node

motorolasvg1202_firmwareMatchsvg1202-2.1.0.0-ga-14-ltsh

AND

motorolasvg1202Match1.0

VendorProductVersionCPE
motorolasbg901_firmwaresbg901-2.10.1.1-ga-00-581-noshcpe:2.3:o:motorola:sbg901_firmware:sbg901-2.10.1.1-ga-00-581-nosh:*:*:*:*:*:*:*
motorolasbg9011.0cpe:2.3:h:motorola:sbg901:1.0:*:*:*:*:*:*:*
motorolasbg941_firmwaresbg941-2.11.0.0-ga-07-624-noshcpe:2.3:o:motorola:sbg941_firmware:sbg941-2.11.0.0-ga-07-624-nosh:*:*:*:*:*:*:*
motorolasbg9411.0cpe:2.3:h:motorola:sbg941:1.0:*:*:*:*:*:*:*
motorolasvg1202_firmwaresvg1202-2.1.0.0-ga-14-ltshcpe:2.3:o:motorola:svg1202_firmware:svg1202-2.1.0.0-ga-14-ltsh:*:*:*:*:*:*:*
motorolasvg12021.0cpe:2.3:h:motorola:svg1202:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
motorola	sbg901_firmware	sbg901-2.10.1.1-ga-00-581-nosh	cpe:2.3:o:motorola:sbg901_firmware:sbg901-2.10.1.1-ga-00-581-nosh:::::::*
motorola	sbg901	1.0	cpe:2.3:h:motorola:sbg901:1.0:::::::*
motorola	sbg941_firmware	sbg941-2.11.0.0-ga-07-624-nosh	cpe:2.3:o:motorola:sbg941_firmware:sbg941-2.11.0.0-ga-07-624-nosh:::::::*
motorola	sbg941	1.0	cpe:2.3:h:motorola:sbg941:1.0:::::::*
motorola	svg1202_firmware	svg1202-2.1.0.0-ga-14-ltsh	cpe:2.3:o:motorola:svg1202_firmware:svg1202-2.1.0.0-ga-14-ltsh:::::::*
motorola	svg1202	1.0	cpe:2.3:h:motorola:svg1202:1.0:::::::*

References

www.securityfocus.com/bid/106320

github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv

misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.02

Percentile

89.0%

JSON

Related for CVE-2018-20399