CVE-2018-11541

CVSS V2: High 10; CVSS V3: Critical 9.8
Description
A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140.
Overview
  • CVE ID: CVE-2018-11541
  • Assigner: cve@mitre.org
  • Vulnerability Status: Analyzed
  • Published Version: 2018-07-09T12:29:00
  • Last Modified Date: 2019-10-03T00:03:26
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:ribboncommunications:sonus_sbc_1000_firmware:6.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:ribboncommunications:sonus_sbc_1000_firmware:6.1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:ribboncommunications:sonus_sbc_1000_firmware:7.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:ribboncommunications:sonus_sbc_1000:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ribboncommunications:sonus_sbc_2000_firmware:6.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:ribboncommunications:sonus_sbc_2000_firmware:6.1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:ribboncommunications:sonus_sbc_2000_firmware:7.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:ribboncommunications:sonus_sbc_2000:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:a:ribboncommunications:sbc_swe_lite_web:6.1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ribboncommunications:sbc_swe_lite_web:7.0.0:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
  • Base Score: 10
  • Severity: HIGH
  • Exploitability Score: 10
  • Impact Score: 10
CVSS Version 3
  • Version: 3.0
  • Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Availability Impact: HIGH
  • Base Score: 9.8
  • Base Severity: CRITICAL
  • Exploitability Score: 3.9
  • Impact Score: 5.9
References
Reference URL Reference Tags
https://support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6+Release+Notes Permissions Required Third Party Advisory
https://gist.github.com/CyberSKR/0134dff8f48d2e7b87227c554404bfcb Third Party Advisory
History
Created Old Value New Value Data Type Notes
2022-05-10 17:32:00 Added to TrackCVE
2022-12-03 09:31:01 2018-07-09T12:29Z 2018-07-09T12:29:00 CVE Published Date updated
2022-12-03 09:31:01 2019-10-03T00:03:26 CVE Modified Date updated
2022-12-03 09:31:01 Analyzed Vulnerability Status updated