cvelistv5 - cve-2018-0613

CVE-2018-0613 (GCVE-0-2018-0613)

Vulnerability from cvelistv5 – Published: 2018-07-26 17:00 – Updated: 2024-08-05 03:28

Summary

Severity ?

No CVSS data available.

CWE

Fails to restrict access

Assigner

jpcert

References

URL

Tags

	https://www.necplatforms.co.jp/product/enkaku/inf…	x_refsource_CONFIRM
	http://jvn.jp/en/jp/JVN63895206/index.html	third-party-advisoryx_refsource_JVN

Impacted products

	Vendor	Product	Version
	NEC Platforms, Ltd.	Calsos CSDX and CSDJ series products	Affected: CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.281Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
          },
          {
            "name": "JVN#63895206",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN63895206/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Calsos CSDX and CSDJ series products",
          "vendor": "NEC Platforms, Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00"
            }
          ]
        }
      ],
      "datePublic": "2018-07-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Fails to restrict access",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-26T16:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
        },
        {
          "name": "JVN#63895206",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN63895206/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0613",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Calsos CSDX and CSDJ series products",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "NEC Platforms, Ltd."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Fails to restrict access"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.necplatforms.co.jp/product/enkaku/info180702.html",
              "refsource": "CONFIRM",
              "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
            },
            {
              "name": "JVN#63895206",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN63895206/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0613",
    "datePublished": "2018-07-26T17:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:28:11.281Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:necplatforms:calsos_csdx_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.37210411\", \"matchCriteriaId\": \"432A84D4-4983-4A60-B5E8-58C736F1DE4B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:necplatforms:calsos_csdx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00656D53-88F9-4C4E-91B7-4E274AD1A11B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:necplatforms:calsos_csdx\\\\(p\\\\)_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.37210411\", \"matchCriteriaId\": \"2F9BCFFF-ECEF-45C2-8BDC-E86A51E18D5C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:necplatforms:calsos_csdx\\\\(p\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6162989-0ED7-4D09-BE56-643FB752395C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:necplatforms:calsos_csdx\\\\(s\\\\)_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.37210411\", \"matchCriteriaId\": \"BA2C4F9A-0A88-422D-9CD9-2D9E95A15975\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:necplatforms:calsos_csdx\\\\(s\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB6FAD2D-57C5-4112-902F-4E086B1E594E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:necplatforms:calsos_csdx\\\\(d\\\\)_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.37210411\", \"matchCriteriaId\": \"D06D1AF5-7ABE-4F15-9126-06D1A5F3A9DC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:necplatforms:calsos_csdx\\\\(d\\\\):-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CD3DF49-F4C0-43FB-97CC-13B30D6A5320\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:necplatforms:calsos_csdj-b_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"01.03.00\", \"matchCriteriaId\": \"9FA4BEB9-6CDB-4E5A-B133-3A865280DA5E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:necplatforms:calsos_csdj-b:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD1630C2-C70B-43BD-AB13-81C44972F2F2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:necplatforms:calsos_csdj-d_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"01.03.00\", \"matchCriteriaId\": \"41C3EAFC-9722-40FE-A29E-CF14AC96CEDE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:necplatforms:calsos_csdj-d:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF6B049D-8A7E-44F2-B913-9DB827C05078\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:necplatforms:calsos_csdj-h_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"01.03.00\", \"matchCriteriaId\": \"4A2B4D00-C163-4478-A112-576AE04865FE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:necplatforms:calsos_csdj-h:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7EDDA8B4-09DB-4CA7-AC39-066538067E13\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:necplatforms:calsos_csdj-a_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"03.00.00\", \"matchCriteriaId\": \"EF2B3371-69A3-4F16-B478-8E0763114173\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:necplatforms:calsos_csdj-a:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CEBBF8B-706B-40B7-A00E-E1E824BD5E1D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Los productos de las series Calsos CSDX y CSDJ de NEC Platforms (CSDX 1.37210411 y anteriores, CSDX(P) 4.37210411 y anteriores, CSDX(D) 3.37210411 y anteriores, CSDX(S) 2.37210411 y anteriores, CSDJ-B 01.03.00 y anteriores, CSDJ-H 01. 03.00 y anteriores, CSDJ-D 01.03.00 y anteriores, CSDJ-A 03.00.00) permiten a los atacantes autenticados remotos omitir la restricci\\u00f3n de acceso para realizar operaciones arbitrarias con privilegios administrativos a trav\\u00e9s de vectores no especificados.\"}]",
      "id": "CVE-2018-0613",
      "lastModified": "2024-11-21T03:38:35.587",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-07-26T17:29:00.503",
      "references": "[{\"url\": \"http://jvn.jp/en/jp/JVN63895206/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.necplatforms.co.jp/product/enkaku/info180702.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://jvn.jp/en/jp/JVN63895206/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.necplatforms.co.jp/product/enkaku/info180702.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-0613\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2018-07-26T17:29:00.503\",\"lastModified\":\"2024-11-21T03:38:35.587\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Los productos de las series Calsos CSDX y CSDJ de NEC Platforms (CSDX 1.37210411 y anteriores, CSDX(P) 4.37210411 y anteriores, CSDX(D) 3.37210411 y anteriores, CSDX(S) 2.37210411 y anteriores, CSDJ-B 01.03.00 y anteriores, CSDJ-H 01. 03.00 y anteriores, CSDJ-D 01.03.00 y anteriores, CSDJ-A 03.00.00) permiten a los atacantes autenticados remotos omitir la restricci\u00f3n de acceso para realizar operaciones arbitrarias con privilegios administrativos a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:necplatforms:calsos_csdx_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.37210411\",\"matchCriteriaId\":\"432A84D4-4983-4A60-B5E8-58C736F1DE4B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:necplatforms:calsos_csdx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00656D53-88F9-4C4E-91B7-4E274AD1A11B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:necplatforms:calsos_csdx\\\\(p\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.37210411\",\"matchCriteriaId\":\"2F9BCFFF-ECEF-45C2-8BDC-E86A51E18D5C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:necplatforms:calsos_csdx\\\\(p\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6162989-0ED7-4D09-BE56-643FB752395C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:necplatforms:calsos_csdx\\\\(s\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.37210411\",\"matchCriteriaId\":\"BA2C4F9A-0A88-422D-9CD9-2D9E95A15975\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:necplatforms:calsos_csdx\\\\(s\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB6FAD2D-57C5-4112-902F-4E086B1E594E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:necplatforms:calsos_csdx\\\\(d\\\\)_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.37210411\",\"matchCriteriaId\":\"D06D1AF5-7ABE-4F15-9126-06D1A5F3A9DC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:necplatforms:calsos_csdx\\\\(d\\\\):-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CD3DF49-F4C0-43FB-97CC-13B30D6A5320\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:necplatforms:calsos_csdj-b_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.03.00\",\"matchCriteriaId\":\"9FA4BEB9-6CDB-4E5A-B133-3A865280DA5E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:necplatforms:calsos_csdj-b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD1630C2-C70B-43BD-AB13-81C44972F2F2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:necplatforms:calsos_csdj-d_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.03.00\",\"matchCriteriaId\":\"41C3EAFC-9722-40FE-A29E-CF14AC96CEDE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:necplatforms:calsos_csdj-d:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF6B049D-8A7E-44F2-B913-9DB827C05078\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:necplatforms:calsos_csdj-h_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"01.03.00\",\"matchCriteriaId\":\"4A2B4D00-C163-4478-A112-576AE04865FE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:necplatforms:calsos_csdj-h:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EDDA8B4-09DB-4CA7-AC39-066538067E13\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:necplatforms:calsos_csdj-a_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"03.00.00\",\"matchCriteriaId\":\"EF2B3371-69A3-4F16-B478-8E0763114173\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:necplatforms:calsos_csdj-a:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CEBBF8B-706B-40B7-A00E-E1E824BD5E1D\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN63895206/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.necplatforms.co.jp/product/enkaku/info180702.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://jvn.jp/en/jp/JVN63895206/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.necplatforms.co.jp/product/enkaku/info180702.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

JVNDB-2018-000068

Vulnerability from jvndb - Published: 2018-07-02 15:22 - Updated:2019-07-24 14:31

Severity ?

8.8 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in Calsos CSDX and CSDJ series products

Details

Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. * Access Restriction Bypass (CWE-284) - CVE-2018-0613 * Cross-site scripting (CWE-79) - CVE-2018-0614 NEC Platforms, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinated under the Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN63895206/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0613
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0614
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0613
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0614
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	NEC Platforms, Ltd.	CSDJ
	NEC Platforms, Ltd.	CSDJ
	NEC Platforms, Ltd.	CSDJ
	NEC Platforms, Ltd.	CSDJ
	NEC Platforms, Ltd.	CSDX
	NEC Platforms, Ltd.	CSDX
	NEC Platforms, Ltd.	CSDX
	NEC Platforms, Ltd.	CSDX

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000068.html",
  "dc:date": "2019-07-24T14:31+09:00",
  "dcterms:issued": "2018-07-02T15:22+09:00",
  "dcterms:modified": "2019-07-24T14:31+09:00",
  "description": "Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. \r\n\r\n* Access Restriction Bypass (CWE-284) - CVE-2018-0613\r\n* Cross-site scripting (CWE-79) - CVE-2018-0614\r\n\r\nNEC Platforms, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000068.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:necplatforms:nec_platforms_csdj",
      "@product": "CSDJ",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:necplatforms:nec_platforms_csdj",
      "@product": "CSDJ",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:necplatforms:nec_platforms_csdj",
      "@product": "CSDJ",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:necplatforms:nec_platforms_csdj",
      "@product": "CSDJ",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:necplatforms:calsos_csdx_firmware",
      "@product": "CSDX",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:necplatforms:calsos_csdx_firmware",
      "@product": "CSDX",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:necplatforms:calsos_csdx_firmware",
      "@product": "CSDX",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:necplatforms:calsos_csdx_firmware",
      "@product": "CSDX",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "8.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000068",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN63895206/index.html",
      "@id": "JVN#63895206",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0613",
      "@id": "CVE-2018-0613",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0614",
      "@id": "CVE-2018-0614",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0613",
      "@id": "CVE-2018-0613",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0614",
      "@id": "CVE-2018-0614",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple vulnerabilities in Calsos CSDX and CSDJ series products"
}

FKIE_CVE-2018-0613

Vulnerability from fkie_nvd - Published: 2018-07-26 17:29 - Updated: 2024-11-21 03:38

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN63895206/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.necplatforms.co.jp/product/enkaku/info180702.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN63895206/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.necplatforms.co.jp/product/enkaku/info180702.html	Vendor Advisory

Impacted products

Vendor	Product	Version
necplatforms	calsos_csdx_firmware	*
necplatforms	calsos_csdx	-
necplatforms	calsos_csdx\(p\)_firmware	*
necplatforms	calsos_csdx\(p\)	-
necplatforms	calsos_csdx\(s\)_firmware	*
necplatforms	calsos_csdx\(s\)	-
necplatforms	calsos_csdx\(d\)_firmware	*
necplatforms	calsos_csdx\(d\)	-
necplatforms	calsos_csdj-b_firmware	*
necplatforms	calsos_csdj-b	-
necplatforms	calsos_csdj-d_firmware	*
necplatforms	calsos_csdj-d	-
necplatforms	calsos_csdj-h_firmware	*
necplatforms	calsos_csdj-h	-
necplatforms	calsos_csdj-a_firmware	*
necplatforms	calsos_csdj-a	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "432A84D4-4983-4A60-B5E8-58C736F1DE4B",
              "versionEndIncluding": "1.37210411",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00656D53-88F9-4C4E-91B7-4E274AD1A11B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdx\\(p\\)_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9BCFFF-ECEF-45C2-8BDC-E86A51E18D5C",
              "versionEndIncluding": "4.37210411",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdx\\(p\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6162989-0ED7-4D09-BE56-643FB752395C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdx\\(s\\)_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA2C4F9A-0A88-422D-9CD9-2D9E95A15975",
              "versionEndIncluding": "2.37210411",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdx\\(s\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB6FAD2D-57C5-4112-902F-4E086B1E594E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdx\\(d\\)_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D06D1AF5-7ABE-4F15-9126-06D1A5F3A9DC",
              "versionEndIncluding": "3.37210411",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdx\\(d\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CD3DF49-F4C0-43FB-97CC-13B30D6A5320",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdj-b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FA4BEB9-6CDB-4E5A-B133-3A865280DA5E",
              "versionEndIncluding": "01.03.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdj-b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD1630C2-C70B-43BD-AB13-81C44972F2F2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdj-d_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41C3EAFC-9722-40FE-A29E-CF14AC96CEDE",
              "versionEndIncluding": "01.03.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdj-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF6B049D-8A7E-44F2-B913-9DB827C05078",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdj-h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2B4D00-C163-4478-A112-576AE04865FE",
              "versionEndIncluding": "01.03.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdj-h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EDDA8B4-09DB-4CA7-AC39-066538067E13",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdj-a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2B3371-69A3-4F16-B478-8E0763114173",
              "versionEndIncluding": "03.00.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdj-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CEBBF8B-706B-40B7-A00E-E1E824BD5E1D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Los productos de las series Calsos CSDX y CSDJ de NEC Platforms (CSDX 1.37210411 y anteriores, CSDX(P) 4.37210411 y anteriores, CSDX(D) 3.37210411 y anteriores, CSDX(S) 2.37210411 y anteriores, CSDJ-B 01.03.00 y anteriores, CSDJ-H 01. 03.00 y anteriores, CSDJ-D 01.03.00 y anteriores, CSDJ-A 03.00.00) permiten a los atacantes autenticados remotos omitir la restricci\u00f3n de acceso para realizar operaciones arbitrarias con privilegios administrativos a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2018-0613",
  "lastModified": "2024-11-21T03:38:35.587",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-26T17:29:00.503",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN63895206/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN63895206/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2018-0613

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-0613

Aliases

CVE-2018-0613

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-0613",
    "description": "NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors.",
    "id": "GSD-2018-0613"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-0613"
      ],
      "details": "NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors.",
      "id": "GSD-2018-0613",
      "modified": "2023-12-13T01:22:24.542699Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2018-0613",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Calsos CSDX and CSDJ series products",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "NEC Platforms, Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Fails to restrict access"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.necplatforms.co.jp/product/enkaku/info180702.html",
            "refsource": "CONFIRM",
            "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
          },
          {
            "name": "JVN#63895206",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN63895206/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdx_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.37210411",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdx\\(p\\)_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.37210411",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdx\\(p\\):-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdx\\(s\\)_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.37210411",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdx\\(s\\):-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdx\\(d\\)_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.37210411",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdx\\(d\\):-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdj-b_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.03.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdj-b:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdj-d_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.03.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdj-d:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdj-h_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.03.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdj-h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdj-a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "03.00.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdj-a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0613"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-269"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.necplatforms.co.jp/product/enkaku/info180702.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
            },
            {
              "name": "JVN#63895206",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN63895206/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-07-26T17:29Z"
    }
  }
}

VAR-201807-1190

Vulnerability from variot - Updated: 2023-12-18 13:02

NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors. Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. * Access Restriction Bypass (CWE-284) - CVE-2018-0613 * Cross-site scripting (CWE-79) - CVE-2018-0614 NEC Platforms, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinated under the Information Security Early Warning Partnership.* An arbitrary operation with administrative privilege may be performed by an attacker who logged in with the user privilege - CVE-2018-0613 * An arbitrary script may be executed on a logged in user's web browser - CVE-2018-0614. A remote attacker could exploit the vulnerability to bypass access restrictions and perform arbitrary operations with administrative privileges

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-1190",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "calsos csdj-d",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "01.03.00"
      },
      {
        "model": "calsos csdj-b",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "01.03.00"
      },
      {
        "model": "calsos csdx\\",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "2.37210411"
      },
      {
        "model": "calsos csdj-h",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "01.03.00"
      },
      {
        "model": "calsos csdj-a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "03.00.00"
      },
      {
        "model": "calsos csdx",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "1.37210411"
      },
      {
        "model": "calsos csdx\\",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "3.37210411"
      },
      {
        "model": "calsos csdx\\",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "4.37210411"
      },
      {
        "model": "csdj",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "-a 03.00.00"
      },
      {
        "model": "csdj",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "-b 01.03.00"
      },
      {
        "model": "csdj",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "-d 01.03.00"
      },
      {
        "model": "csdj",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "-h 01.03.00"
      },
      {
        "model": "csdx",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "(d) 3.37210411"
      },
      {
        "model": "csdx",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "(p) 4.37210411"
      },
      {
        "model": "csdx",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "(s) 2.37210411"
      },
      {
        "model": "csdx",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "1.37210411"
      },
      {
        "model": "platforms calsos csdx",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=1.37210411"
      },
      {
        "model": "platforms csdx",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=4.37210411"
      },
      {
        "model": "platforms csdx",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=3.37210411"
      },
      {
        "model": "platforms csdx",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=2.37210411"
      },
      {
        "model": "platforms csdj-b",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=01.03.00"
      },
      {
        "model": "platforms csdj-h",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=01.03.00"
      },
      {
        "model": "platforms csdj-d",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=01.03.00"
      },
      {
        "model": "platforms csdj-a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nec",
        "version": "03.00.00"
      },
      {
        "model": "calsos csdj-b",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "01.03.00"
      },
      {
        "model": "calsos csdj-a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "03.00.00"
      },
      {
        "model": "calsos csdx\\",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "4.37210411"
      },
      {
        "model": "calsos csdj-h",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "01.03.00"
      },
      {
        "model": "calsos csdx\\",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "2.37210411"
      },
      {
        "model": "calsos csdx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "1.37210411"
      },
      {
        "model": "calsos csdx\\",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "3.37210411"
      },
      {
        "model": "calsos csdj-d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "01.03.00"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1900"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdx_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.37210411",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdx\\(p\\)_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.37210411",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdx\\(p\\):-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdx\\(s\\)_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.37210411",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdx\\(s\\):-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdx\\(d\\)_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.37210411",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdx\\(d\\):-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdj-b_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.03.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdj-b:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdj-d_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.03.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdj-d:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdj-h_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.03.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdj-h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdj-a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "03.00.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdj-a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0613"
      }
    ]
  },
  "cve": "CVE-2018-0613",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000068",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000068",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2019-26780",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-118815",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000068",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000068",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-0613",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2018-000068",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2018-000068",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-26780",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201807-1900",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118815",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118815"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1900"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors. Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. * Access Restriction Bypass (CWE-284) - CVE-2018-0613 * Cross-site scripting (CWE-79) - CVE-2018-0614 NEC Platforms, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinated under the Information Security Early Warning Partnership.* An arbitrary operation with administrative privilege may be performed by an attacker who logged in with the user privilege - CVE-2018-0613 * An arbitrary script may be executed on a logged in user\u0027s web browser - CVE-2018-0614. A remote attacker could exploit the vulnerability to bypass access restrictions and perform arbitrary operations with administrative privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118815"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0613",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVN63895206",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1900",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-26780",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-118815",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118815"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1900"
      }
    ]
  },
  "id": "VAR-201807-1190",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118815"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:02:33.073000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "NEC Platforms, Ltd. website ",
        "trust": 0.8,
        "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
      },
      {
        "title": "NEC Platforms Calsos CSDX and CSDJ Series Products Access Restricted Bypass Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/174499"
      },
      {
        "title": "NEC Platforms Calsos CSDX  and CSDJ Repair measures for series product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=82645"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1900"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      },
      {
        "problemtype": "CWE-79",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118815"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0613"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://jvn.jp/en/jp/jvn63895206/index.html"
      },
      {
        "trust": 2.3,
        "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0613"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0614"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0614"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0613"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118815"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1900"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118815"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0613"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1900"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      },
      {
        "date": "2018-07-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118815"
      },
      {
        "date": "2018-07-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "date": "2018-07-26T17:29:00.503000",
        "db": "NVD",
        "id": "CVE-2018-0613"
      },
      {
        "date": "2018-07-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-1900"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118815"
      },
      {
        "date": "2019-07-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2018-0613"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-1900"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1900"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in Calsos CSDX and CSDJ series products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1900"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2019-26780

Vulnerability from cnvd - Published: 2019-08-12

Title

NEC Platforms Calsos CSDX和CSDJ系列产品访问限制绕过漏洞

Description

NEC Platforms Calsos CSDX和CSDJ都是日本NEC Platforms公司的远程监控设备。 NEC Platforms Calsos CSDX和CSDJ系列产品中存在安全漏洞。远程攻击者可利用该漏洞绕过访问限制，以管理权限执行任意操作。

Severity

中

Patch Name

NEC Platforms Calsos CSDX和CSDJ系列产品访问限制绕过漏洞的补丁

Patch Description

NEC Platforms Calsos CSDX和CSDJ都是日本NEC Platforms公司的远程监控设备。 NEC Platforms Calsos CSDX和CSDJ系列产品中存在安全漏洞。远程攻击者可利用该漏洞绕过访问限制，以管理权限执行任意操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.necplatforms.co.jp/product/enkaku/info180702.html

Reference

https://www.necplatforms.co.jp/product/enkaku/info180702.html

Impacted products

Name
['NEC Platforms Calsos CSDX <=1.37210411', 'NEC Platforms CSDX(P) <=4.37210411', 'NEC Platforms CSDX(D) <=3.37210411', 'NEC Platforms CSDX(S) <=2.37210411', 'NEC Platforms CSDJ-B <=01.03.00', 'NEC Platforms CSDJ-H <=01.03.00', 'NEC Platforms CSDJ-D <=01.03.00', 'NEC Platforms CSDJ-A 03.00.00']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0613"
    }
  },
  "description": "NEC Platforms Calsos CSDX\u548cCSDJ\u90fd\u662f\u65e5\u672cNEC Platforms\u516c\u53f8\u7684\u8fdc\u7a0b\u76d1\u63a7\u8bbe\u5907\u3002\n\nNEC Platforms Calsos CSDX\u548cCSDJ\u7cfb\u5217\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8bbf\u95ee\u9650\u5236\uff0c\u4ee5\u7ba1\u7406\u6743\u9650\u6267\u884c\u4efb\u610f\u64cd\u4f5c\u3002",
  "discovererName": "NEC Platforms",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.necplatforms.co.jp/product/enkaku/info180702.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-26780",
  "openTime": "2019-08-12",
  "patchDescription": "NEC Platforms Calsos CSDX\u548cCSDJ\u90fd\u662f\u65e5\u672cNEC Platforms\u516c\u53f8\u7684\u8fdc\u7a0b\u76d1\u63a7\u8bbe\u5907\u3002\r\n\r\nNEC Platforms Calsos CSDX\u548cCSDJ\u7cfb\u5217\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8bbf\u95ee\u9650\u5236\uff0c\u4ee5\u7ba1\u7406\u6743\u9650\u6267\u884c\u4efb\u610f\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NEC Platforms Calsos CSDX\u548cCSDJ\u7cfb\u5217\u4ea7\u54c1\u8bbf\u95ee\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "NEC Platforms Calsos CSDX \u003c=1.37210411",
      "NEC Platforms CSDX(P) \u003c=4.37210411",
      "NEC Platforms CSDX(D) \u003c=3.37210411",
      "NEC Platforms CSDX(S) \u003c=2.37210411",
      "NEC Platforms CSDJ-B \u003c=01.03.00",
      "NEC Platforms CSDJ-H \u003c=01.03.00",
      "NEC Platforms CSDJ-D \u003c=01.03.00",
      "NEC Platforms CSDJ-A 03.00.00"
    ]
  },
  "referenceLink": "https://www.necplatforms.co.jp/product/enkaku/info180702.html",
  "serverity": "\u4e2d",
  "submitTime": "2019-07-24",
  "title": "NEC Platforms Calsos CSDX\u548cCSDJ\u7cfb\u5217\u4ea7\u54c1\u8bbf\u95ee\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e"
}

GHSA-W8V2-8J35-XJPG

Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2022-05-13 01:48

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-0613"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-26T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors.",
  "id": "GHSA-w8v2-8j35-xjpg",
  "modified": "2022-05-13T01:48:19Z",
  "published": "2022-05-13T01:48:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0613"
    },
    {
      "type": "WEB",
      "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN63895206/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-0613 (GCVE-0-2018-0613)

JVNDB-2018-000068

FKIE_CVE-2018-0613

GSD-2018-0613

VAR-201807-1190

CNVD-2019-26780

GHSA-W8V2-8J35-XJPG

Tags

Sightings

Nomenclature