CVE-2018-11543
CVSS V2 Medium 5
CVSS V3 High 7.5
Description
A Local File Inclusion (LFI) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the downloading of arbitrary files via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140.
Overview
- CVE ID
- CVE-2018-11543
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2018-07-09T12:29:00
- Last Modified Date
- 2018-09-12T14:03:39
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
AND | ||||
cpe:2.3:o:ribboncommunications:sonus_sbc_1000_firmware:6.0.0:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:ribboncommunications:sonus_sbc_1000_firmware:6.1.0:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:ribboncommunications:sonus_sbc_1000_firmware:7.0.0:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:ribboncommunications:sonus_sbc_1000:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:ribboncommunications:sonus_sbc_2000_firmware:6.0.0:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:ribboncommunications:sonus_sbc_2000_firmware:6.1.0:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:ribboncommunications:sonus_sbc_2000_firmware:7.0.0:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:ribboncommunications:sonus_sbc_2000:-:*:*:*:*:*:*:* | 0 | OR | ||
AND | ||||
cpe:2.3:o:ribboncommunications:sbc_swe_lite_firmware:6.1.0:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:ribboncommunications:sbc_swe_lite_firmware:7.0.0:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:ribboncommunications:sbc_swe_lite:-:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- NONE
- Availability Impact
- NONE
- Base Score
- 5
- Severity
- MEDIUM
- Exploitability Score
- 10
- Impact Score
- 2.9
CVSS Version 3
- Version
- 3.0
- Vector String
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Attack Vector
- NETWORK
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- NONE
- Base Score
- 7.5
- Base Severity
- HIGH
- Exploitability Score
- 3.9
- Impact Score
- 3.6
References
Reference URL | Reference Tags |
---|---|
https://support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6+Release+Notes | Permissions Required Third Party Advisory |
https://gist.github.com/CyberSKR/6914c2c2c8a550d6555137a3ff756df4 | Third Party Advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2018-11543 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11543 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-05-10 18:37:57 | Added to TrackCVE | |||
2022-12-03 09:31:07 | 2018-07-09T12:29Z | 2018-07-09T12:29:00 | CVE Published Date | updated |
2022-12-03 09:31:07 | 2018-09-12T14:03:39 | CVE Modified Date | updated | |
2022-12-03 09:31:07 | Analyzed | Vulnerability Status | updated |