CVE-2018-11543

CVSS V2 Medium 5 CVSS V3 High 7.5
Description
A Local File Inclusion (LFI) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the downloading of arbitrary files via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140.
Overview
  • CVE ID
  • CVE-2018-11543
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2018-07-09T12:29:00
  • Last Modified Date
  • 2018-09-12T14:03:39
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:ribboncommunications:sonus_sbc_1000_firmware:6.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:ribboncommunications:sonus_sbc_1000_firmware:6.1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:ribboncommunications:sonus_sbc_1000_firmware:7.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:ribboncommunications:sonus_sbc_1000:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ribboncommunications:sonus_sbc_2000_firmware:6.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:ribboncommunications:sonus_sbc_2000_firmware:6.1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:ribboncommunications:sonus_sbc_2000_firmware:7.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:ribboncommunications:sonus_sbc_2000:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:ribboncommunications:sbc_swe_lite_firmware:6.1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:ribboncommunications:sbc_swe_lite_firmware:7.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:ribboncommunications:sbc_swe_lite:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:N/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • NONE
  • Availability Impact
  • NONE
  • Base Score
  • 5
  • Severity
  • MEDIUM
  • Exploitability Score
  • 10
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.0
  • Vector String
  • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • NONE
  • Base Score
  • 7.5
  • Base Severity
  • HIGH
  • Exploitability Score
  • 3.9
  • Impact Score
  • 3.6
References
Reference URL Reference Tags
https://support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6+Release+Notes Permissions Required Third Party Advisory
https://gist.github.com/CyberSKR/6914c2c2c8a550d6555137a3ff756df4 Third Party Advisory
History
Created Old Value New Value Data Type Notes
2022-05-10 18:37:57 Added to TrackCVE
2022-12-03 09:31:07 2018-07-09T12:29Z 2018-07-09T12:29:00 CVE Published Date updated
2022-12-03 09:31:07 2018-09-12T14:03:39 CVE Modified Date updated
2022-12-03 09:31:07 Analyzed Vulnerability Status updated