Lucene search

[email protected]NVD:CVE-2018-20385

HistoryDec 23, 2018 - 9:29 p.m.

CVE-2018-20385

2018-12-2321:29:00

CWE-522

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.024

Percentile

90.1%

JSON

CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553mp1.39219mp1.899.005ITT, CBW383G4J 37.556mp5.008, and CBW38G4J 37.553mp1.008 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Affected configurations

Nvd

Node

castlenetcbv38z4ec_firmwareMatch25.553mp1.39219mp1.899.007

AND

castlenetcbv38z4ecMatch1.0

Node

castlenetcbv38z4ecnit_firmwareMatch125.553mp1.39219mp1.899.005itt

AND

castlenetcbv38z4ecnitMatch1.0

Node

castlenetcbw383g4j_firmwareMatch37.556mp5.008

AND

castlenetcbw383g4jMatch1.01

Node

castlenetcbw38g4j_firmwareMatch37.553mp1.008

AND

castlenetcbw38g4jMatch1.0

VendorProductVersionCPE
castlenetcbv38z4ec_firmware25.553mp1.39219mp1.899.007cpe:2.3:o:castlenet:cbv38z4ec_firmware:25.553mp1.39219mp1.899.007:*:*:*:*:*:*:*
castlenetcbv38z4ec1.0cpe:2.3:h:castlenet:cbv38z4ec:1.0:*:*:*:*:*:*:*
castlenetcbv38z4ecnit_firmware125.553mp1.39219mp1.899.005ittcpe:2.3:o:castlenet:cbv38z4ecnit_firmware:125.553mp1.39219mp1.899.005itt:*:*:*:*:*:*:*
castlenetcbv38z4ecnit1.0cpe:2.3:h:castlenet:cbv38z4ecnit:1.0:*:*:*:*:*:*:*
castlenetcbw383g4j_firmware37.556mp5.008cpe:2.3:o:castlenet:cbw383g4j_firmware:37.556mp5.008:*:*:*:*:*:*:*
castlenetcbw383g4j1.01cpe:2.3:h:castlenet:cbw383g4j:1.01:*:*:*:*:*:*:*
castlenetcbw38g4j_firmware37.553mp1.008cpe:2.3:o:castlenet:cbw38g4j_firmware:37.553mp1.008:*:*:*:*:*:*:*
castlenetcbw38g4j1.0cpe:2.3:h:castlenet:cbw38g4j:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
castlenet	cbv38z4ec_firmware	25.553mp1.39219mp1.899.007	cpe:2.3:o:castlenet:cbv38z4ec_firmware:25.553mp1.39219mp1.899.007:::::::*
castlenet	cbv38z4ec	1.0	cpe:2.3:h:castlenet:cbv38z4ec:1.0:::::::*
castlenet	cbv38z4ecnit_firmware	125.553mp1.39219mp1.899.005itt	cpe:2.3:o:castlenet:cbv38z4ecnit_firmware:125.553mp1.39219mp1.899.005itt:::::::*
castlenet	cbv38z4ecnit	1.0	cpe:2.3:h:castlenet:cbv38z4ecnit:1.0:::::::*
castlenet	cbw383g4j_firmware	37.556mp5.008	cpe:2.3:o:castlenet:cbw383g4j_firmware:37.556mp5.008:::::::*
castlenet	cbw383g4j	1.01	cpe:2.3:h:castlenet:cbw383g4j:1.01:::::::*
castlenet	cbw38g4j_firmware	37.553mp1.008	cpe:2.3:o:castlenet:cbw38g4j_firmware:37.553mp1.008:::::::*
castlenet	cbw38g4j	1.0	cpe:2.3:h:castlenet:cbw38g4j:1.0:::::::*

References

github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv

misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.024

Percentile

90.1%

JSON

Related for NVD:CVE-2018-20385

cvelist1 cve1 prion1