Vulnerability-Lookup

CVE-2018-17890 (GCVE-0-2018-17890)

Vulnerability from cvelistv5 – Published: 2018-10-12 14:00 – Updated: 2024-09-17 03:32

Summary

NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution.

Severity

No CVSS data available.

CWE

CWE-477 - USE OF OBSOLETE FUNCTION CWE-477

Assigner

icscert

References

2 references

URL	Tags
http://www.securityfocus.com/bid/105717	vdb-entryx_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
NUUO	NUUO CMS	Affected: All versions 3.1 and prior

Date Public

2018-10-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:01:14.699Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105717",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105717"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "NUUO CMS",
          "vendor": "NUUO",
          "versions": [
            {
              "status": "affected",
              "version": "All versions 3.1 and prior"
            }
          ]
        }
      ],
      "datePublic": "2018-10-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-477",
              "description": "USE OF OBSOLETE FUNCTION CWE-477",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-25T09:57:01.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "105717",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105717"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2018-10-11T00:00:00",
          "ID": "CVE-2018-17890",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "NUUO CMS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions 3.1 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "NUUO"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "USE OF OBSOLETE FUNCTION CWE-477"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105717",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105717"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2018-17890",
    "datePublished": "2018-10-12T14:00:00.000Z",
    "dateReserved": "2018-10-02T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:32:27.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-17890",
      "date": "2026-05-28",
      "epss": "0.00675",
      "percentile": "0.71773"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nuuo:nuuo_cms:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.1\", \"matchCriteriaId\": \"D15770E9-A56F-403C-B3EE-E3DA91E0DCAD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution.\"}, {\"lang\": \"es\", \"value\": \"En NUUO CMS, en todas las versiones 3.1 y anteriores, la aplicaci\\u00f3n emplea componentes de software inseguros y desactualizados para sus funcionalidades, lo que podr\\u00eda permitir la ejecuci\\u00f3n de c\\u00f3digo arbitrario.\"}]",
      "id": "CVE-2018-17890",
      "lastModified": "2024-11-21T03:55:08.893",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-10-12T14:29:00.380",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/105717\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/105717\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-477\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-17890\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2018-10-12T14:29:00.380\",\"lastModified\":\"2024-11-21T03:55:08.893\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"En NUUO CMS, en todas las versiones 3.1 y anteriores, la aplicaci\u00f3n emplea componentes de software inseguros y desactualizados para sus funcionalidades, lo que podr\u00eda permitir la ejecuci\u00f3n de c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-477\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nuuo:nuuo_cms:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.1\",\"matchCriteriaId\":\"D15770E9-A56F-403C-B3EE-E3DA91E0DCAD\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105717\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/105717\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

CNVD-2018-21167

Vulnerability from cnvd - Published: 2018-10-16

Title

NUUO CMS代码执行漏洞（CNVD-2018-21167）

Description

NUUO CMS是NUUO公司的一套中央软件管理平台。该平台用于集中管理NVR（硬盘录像机）、IP摄像机等设备，并提供用户管理和警报管理等功能。 NUUO CMS 3.1及之前版本中存在安全漏洞，该漏洞源于程序使用了不安全且过时的软件功能组件。攻击者可利用该漏洞执行任意代码。

Severity

高

Patch Name

NUUO CMS代码执行漏洞（CNVD-2018-21167）的补丁

Patch Description

NUUO CMS是NUUO公司的一套中央软件管理平台。该平台用于集中管理NVR（硬盘录像机）、IP摄像机等设备，并提供用户管理和警报管理等功能。 NUUO CMS 3.1及之前版本中存在安全漏洞，该漏洞源于程序使用了不安全且过时的软件功能组件。攻击者可利用该漏洞执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.nuuo.com/

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02

Impacted products

Name
NUUO CMS <=3.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-17890"
    }
  },
  "description": "NUUO CMS\u662fNUUO\u516c\u53f8\u7684\u4e00\u5957\u4e2d\u592e\u8f6f\u4ef6\u7ba1\u7406\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u7528\u4e8e\u96c6\u4e2d\u7ba1\u7406NVR\uff08\u786c\u76d8\u5f55\u50cf\u673a\uff09\u3001IP\u6444\u50cf\u673a\u7b49\u8bbe\u5907\uff0c\u5e76\u63d0\u4f9b\u7528\u6237\u7ba1\u7406\u548c\u8b66\u62a5\u7ba1\u7406\u7b49\u529f\u80fd\u3002\r\n\r\nNUUO CMS 3.1\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4f7f\u7528\u4e86\u4e0d\u5b89\u5168\u4e14\u8fc7\u65f6\u7684\u8f6f\u4ef6\u529f\u80fd\u7ec4\u4ef6\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Pedro Ribeiro",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.nuuo.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-21167",
  "openTime": "2018-10-16",
  "patchDescription": "NUUO CMS\u662fNUUO\u516c\u53f8\u7684\u4e00\u5957\u4e2d\u592e\u8f6f\u4ef6\u7ba1\u7406\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u7528\u4e8e\u96c6\u4e2d\u7ba1\u7406NVR\uff08\u786c\u76d8\u5f55\u50cf\u673a\uff09\u3001IP\u6444\u50cf\u673a\u7b49\u8bbe\u5907\uff0c\u5e76\u63d0\u4f9b\u7528\u6237\u7ba1\u7406\u548c\u8b66\u62a5\u7ba1\u7406\u7b49\u529f\u80fd\u3002\r\n\r\nNUUO CMS 3.1\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4f7f\u7528\u4e86\u4e0d\u5b89\u5168\u4e14\u8fc7\u65f6\u7684\u8f6f\u4ef6\u529f\u80fd\u7ec4\u4ef6\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NUUO CMS\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2018-21167\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "NUUO CMS \u003c=3.1"
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02",
  "serverity": "\u9ad8",
  "submitTime": "2018-10-16",
  "title": "NUUO CMS\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2018-21167\uff09"
}

FKIE_CVE-2018-17890

Vulnerability from fkie_nvd - Published: 2018-10-12 14:29 - Updated: 2024-11-21 03:55

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution.

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/105717	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105717	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02	Patch, Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	nuuo	nuuo_cms	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nuuo:nuuo_cms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D15770E9-A56F-403C-B3EE-E3DA91E0DCAD",
              "versionEndIncluding": "3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "En NUUO CMS, en todas las versiones 3.1 y anteriores, la aplicaci\u00f3n emplea componentes de software inseguros y desactualizados para sus funcionalidades, lo que podr\u00eda permitir la ejecuci\u00f3n de c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2018-17890",
  "lastModified": "2024-11-21T03:55:08.893",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-12T14:29:00.380",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105717"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105717"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-477"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-7HPX-8CR4-GMGF

Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16

Details

NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution.

Severity

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-17890"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-12T14:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution.",
  "id": "GHSA-7hpx-8cr4-gmgf",
  "modified": "2022-05-13T01:16:13Z",
  "published": "2022-05-13T01:16:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17890"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105717"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-17890

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution.

Aliases

CVE-2018-17890

Aliases

CVE-2018-17890

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-17890",
    "description": "NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution.",
    "id": "GSD-2018-17890",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2018-17890"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-17890"
      ],
      "details": "NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution.",
      "id": "GSD-2018-17890",
      "modified": "2023-12-13T01:22:31.045544Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "DATE_PUBLIC": "2018-10-11T00:00:00",
        "ID": "CVE-2018-17890",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "NUUO CMS",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions 3.1 and prior"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "NUUO"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "USE OF OBSOLETE FUNCTION CWE-477"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "105717",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105717"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nuuo:nuuo_cms:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2018-17890"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02"
            },
            {
              "name": "105717",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105717"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-09-18T16:21Z",
      "publishedDate": "2018-10-12T14:29Z"
    }
  }
}

ICSA-18-284-02

Vulnerability from csaf_cisa - Published: 2018-10-11 00:00 - Updated: 2018-11-20 00:00

Summary

NUUO CMS (Update A)

Notes

CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation: Successful exploitation of theses vulnerabilities could result in arbitrary remote code execution.

Critical infrastructure sectors: Commercial Facilities, Financial Services, Government Facilities, Healthcare and Public Health, Transportation Systems.

Countries/areas deployed: Worldwide

Company headquarters location: Taiwan

Recommended Practices: NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices: NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Exploitability: No known public exploits specifically target these vulnerabilities.

CVE-2018-17888

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-330 - Use of Insufficiently Random Values

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
CMS: Versions 3.3 and prior NUUO / CMS		<= 3.3	Mitigation fix
CMS: Versions 3.1 and prior NUUO / CMS		<= 3.1	Mitigation fix

CVE-2018-17890

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-477 - Use of Obsolete Function

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
CMS: Versions 3.3 and prior NUUO / CMS		<= 3.3	Mitigation fix
CMS: Versions 3.1 and prior NUUO / CMS		<= 3.1	Mitigation fix

CVE-2018-17892

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-732 - Incorrect Permission Assignment for Critical Resource

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
CMS: Versions 3.3 and prior NUUO / CMS		<= 3.3	Mitigation fix
CMS: Versions 3.1 and prior NUUO / CMS		<= 3.1	Mitigation fix

CVE-2018-17894

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-798 - Use of Hard-coded Credentials

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
CMS: Versions 3.3 and prior NUUO / CMS		<= 3.3	Mitigation fix
CMS: Versions 3.1 and prior NUUO / CMS		<= 3.1	Mitigation fix

CVE-2018-17934

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
CMS: Versions 3.3 and prior NUUO / CMS		<= 3.3	Mitigation fix
CMS: Versions 3.1 and prior NUUO / CMS		<= 3.1	Mitigation fix

CVE-2018-17936

8.1 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-434 - Unrestricted Upload of File with Dangerous Type

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
CMS: Versions 3.3 and prior NUUO / CMS		<= 3.3	Mitigation fix
CMS: Versions 3.1 and prior NUUO / CMS		<= 3.1	Mitigation fix

CVE-2018-18982

8.1 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
CMS: Versions 3.3 and prior NUUO / CMS		<= 3.3	Mitigation fix
CMS: Versions 3.1 and prior NUUO / CMS		<= 3.1	Mitigation fix

References

15 references

URL	Category
https://raw.githubusercontent.com/cisagov/CSAF/de…	self
https://www.cisa.gov/news-events/ics-advisories/i…	self
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-…	external
https://www.cisa.gov/uscert/sites/default/files/r…	external
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
https://www.first.org/cvss/calculator/3.0#CVSS:3.…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
https://www.first.org/cvss/calculator/3.0#CVSS:3.…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
https://www.first.org/cvss/calculator/3.0#CVSS:3.…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external

Acknowledgments

Pedro Ribeiro

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Pedro Ribeiro"
        ],
        "summary": "reporting these vulnerabilities to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of theses vulnerabilities could result in arbitrary remote code execution.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Commercial Facilities, Financial Services, Government Facilities, Healthcare and Public Health, Transportation Systems.",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Taiwan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-284-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-284-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-284-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-284-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "NUUO CMS (Update A)",
    "tracking": {
      "current_release_date": "2018-11-20T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-18-284-02",
      "initial_release_date": "2018-10-11T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2018-10-11T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-18-284-02 NUUO CMS"
        },
        {
          "date": "2018-11-20T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "ICSA-18-284-02 NUUO CMS (Update A)"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 3.3",
                "product": {
                  "name": "CMS: Versions 3.3 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "CMS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 3.1",
                "product": {
                  "name": "CMS: Versions 3.1 and prior",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "CMS"
          }
        ],
        "category": "vendor",
        "name": "NUUO"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-17888",
      "cwe": {
        "id": "CWE-330",
        "name": "Use of Insufficiently Random Values"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.CVE-2018-17888 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17888"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "NUUO has developed a fix for the reported vulnerabilities and recommends users update to firmware v3.3 or the latest available. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://d1.nuuo.com/NUUO/CMS/v3.3.0/CMS_NUUO_All_v3.3.0.18.zip"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-17890",
      "cwe": {
        "id": "CWE-477",
        "name": "Use of Obsolete Function"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution.CVE-2018-17890 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17890"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "NUUO has developed a fix for the reported vulnerabilities and recommends users update to firmware v3.3 or the latest available. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://d1.nuuo.com/NUUO/CMS/v3.3.0/CMS_NUUO_All_v3.3.0.18.zip"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-17892",
      "cwe": {
        "id": "CWE-732",
        "name": "Incorrect Permission Assignment for Critical Resource"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The application implements a method of user account control that causes standard account security features to not be utilized as intended, which could allow user account compromise and may allow for remote code execution.CVE-2018-17892 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17892"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "NUUO has developed a fix for the reported vulnerabilities and recommends users update to firmware v3.3 or the latest available. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://d1.nuuo.com/NUUO/CMS/v3.3.0/CMS_NUUO_All_v3.3.0.18.zip"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-17894",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The application creates default accounts that have hard-coded passwords, which could allow an attacker to gain privileged access.CVE-2018-17894 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17894"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "NUUO has developed a fix for the reported vulnerabilities and recommends users update to firmware v3.3 or the latest available. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://d1.nuuo.com/NUUO/CMS/v3.3.0/CMS_NUUO_All_v3.3.0.18.zip"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-17934",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code.CVE-2018-17934 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17934"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "NUUO has developed a fix for the reported vulnerabilities and recommends users update to firmware v3.3 or the latest available. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://d1.nuuo.com/NUUO/CMS/v3.3.0/CMS_NUUO_All_v3.3.0.18.zip"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-17936",
      "cwe": {
        "id": "CWE-434",
        "name": "Unrestricted Upload of File with Dangerous Type"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution.CVE-2018-17936 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17936"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "NUUO has developed a fix for the reported vulnerabilities and recommends users update to firmware v3.3 or the latest available. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://d1.nuuo.com/NUUO/CMS/v3.3.0/CMS_NUUO_All_v3.3.0.18.zip"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-18982",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.CVE-2018-18982 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18982"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "NUUO has developed a fix for the reported vulnerabilities and recommends users update to firmware v3.3 or the latest available. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://d1.nuuo.com/NUUO/CMS/v3.3.0/CMS_NUUO_All_v3.3.0.18.zip"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    }
  ]
}

VAR-201810-0477

Vulnerability from variot - Updated: 2023-12-18 12:36

NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution. NUUO CMS Contains a code quality vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO CMS is a central software management platform from NUUO. The platform is used to centrally manage NVR (DVR), IP cameras and other devices, and provides user management and alarm management. An attacker could exploit the vulnerability to execute arbitrary code. NUUO CMS is prone to multiple remote code-execution and security-bypass vulnerabilities. Failed exploit attempts may result in a denial-of-service condition. NUUO CMS 3.1 and prior are vulnerable

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0477",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "cms",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "nuuo",
        "version": "3.1"
      },
      {
        "model": "cms",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "nuuo",
        "version": "3.1"
      },
      {
        "model": "cms",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nuuo",
        "version": "\u003c=3.1"
      },
      {
        "model": "cms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nuuo",
        "version": "3.0"
      },
      {
        "model": "cms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nuuo",
        "version": "2.9"
      },
      {
        "model": "cms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nuuo",
        "version": "2.6"
      },
      {
        "model": "cms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nuuo",
        "version": "1.3.1"
      },
      {
        "model": "cms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "nuuo",
        "version": "2.0"
      },
      {
        "model": "cms",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "nuuo",
        "version": "3.3.0.18"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "nuuo cms",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2fe539f-39ab-11e9-b7e5-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21167"
      },
      {
        "db": "BID",
        "id": "105717"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010888"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17890"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-665"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nuuo:nuuo_cms:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-17890"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Pedro Ribeiro",
    "sources": [
      {
        "db": "BID",
        "id": "105717"
      },
      {
        "db": "PACKETSTORM",
        "id": "151260"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2018-17890",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-17890",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-21167",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "e2fe539f-39ab-11e9-b7e5-000c29342cb1",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-17890",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-17890",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-21167",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201810-665",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "e2fe539f-39ab-11e9-b7e5-000c29342cb1",
            "trust": 0.2,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2fe539f-39ab-11e9-b7e5-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21167"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010888"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17890"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-665"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution. NUUO CMS Contains a code quality vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO CMS is a central software management platform from NUUO. The platform is used to centrally manage NVR (DVR), IP cameras and other devices, and provides user management and alarm management. An attacker could exploit the vulnerability to execute arbitrary code. NUUO CMS is prone to multiple remote code-execution and security-bypass vulnerabilities. Failed exploit attempts may result in a denial-of-service condition. \nNUUO CMS 3.1 and prior are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-17890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010888"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21167"
      },
      {
        "db": "BID",
        "id": "105717"
      },
      {
        "db": "IVD",
        "id": "e2fe539f-39ab-11e9-b7e5-000c29342cb1"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-17890",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-284-02",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "105717",
        "trust": 1.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21167",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-665",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010888",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "E2FE539F-39AB-11E9-B7E5-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "151260",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2fe539f-39ab-11e9-b7e5-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21167"
      },
      {
        "db": "BID",
        "id": "105717"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010888"
      },
      {
        "db": "PACKETSTORM",
        "id": "151260"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17890"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-665"
      }
    ]
  },
  "id": "VAR-201810-0477",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2fe539f-39ab-11e9-b7e5-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21167"
      }
    ],
    "trust": 1.4363636
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2fe539f-39ab-11e9-b7e5-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21167"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:36:28.753000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Central Management System",
        "trust": 0.8,
        "url": "https://www.nuuo.com/productnode.php?node=3"
      },
      {
        "title": "Patch for NUUO CMS Code Execution Vulnerability (CNVD-2018-21167)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/142371"
      },
      {
        "title": "NUUO CMS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85783"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21167"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010888"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-665"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-398",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010888"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17890"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-284-02"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/105717"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17890"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17890"
      },
      {
        "trust": 0.3,
        "url": "http://www.nuuo.com/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17888"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17892"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17936"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17934"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17894"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18982"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-21167"
      },
      {
        "db": "BID",
        "id": "105717"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010888"
      },
      {
        "db": "PACKETSTORM",
        "id": "151260"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17890"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-665"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e2fe539f-39ab-11e9-b7e5-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-21167"
      },
      {
        "db": "BID",
        "id": "105717"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010888"
      },
      {
        "db": "PACKETSTORM",
        "id": "151260"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17890"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-665"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-18T00:00:00",
        "db": "IVD",
        "id": "e2fe539f-39ab-11e9-b7e5-000c29342cb1"
      },
      {
        "date": "2018-10-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-21167"
      },
      {
        "date": "2018-10-11T00:00:00",
        "db": "BID",
        "id": "105717"
      },
      {
        "date": "2018-12-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-010888"
      },
      {
        "date": "2019-01-21T23:02:22",
        "db": "PACKETSTORM",
        "id": "151260"
      },
      {
        "date": "2018-10-12T14:29:00.380000",
        "db": "NVD",
        "id": "CVE-2018-17890"
      },
      {
        "date": "2018-10-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-665"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-21167"
      },
      {
        "date": "2018-10-11T00:00:00",
        "db": "BID",
        "id": "105717"
      },
      {
        "date": "2018-12-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-010888"
      },
      {
        "date": "2020-09-18T16:21:10.283000",
        "db": "NVD",
        "id": "CVE-2018-17890"
      },
      {
        "date": "2020-09-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-665"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "151260"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-665"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NUUO CMS Vulnerabilities related to code quality",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010888"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-665"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-17890 (GCVE-0-2018-17890)

CNVD-2018-21167

FKIE_CVE-2018-17890

GHSA-7HPX-8CR4-GMGF

GSD-2018-17890

ICSA-18-284-02

VAR-201810-0477

Tags

Sightings

Nomenclature