VAR-201805-0940
Vulnerability from variot - Updated: 2023-12-18 12:44In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjacent network. Vecna VGo Robot Contains an information disclosure vulnerability.Information may be obtained. VGo is a new productivity improvement solution that allows individuals to replicate themselves in remote locations and move freely as if they were there. Vecna VGo Robot is prone to an information-disclosure vulnerability and an OS command execution vulnerability. Attackers may exploit these issues to obtain sensitive information or execute arbitrary OS commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0940",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vgo",
"scope": "lt",
"trust": 1.8,
"vendor": "vecna",
"version": "3.0.3.52164"
},
{
"model": "technologies inc vgo robot",
"scope": "lt",
"trust": 0.6,
"vendor": "vecna",
"version": "3.0.3.52164"
},
{
"model": "vgo robot",
"scope": "eq",
"trust": 0.3,
"vendor": "vecna",
"version": "3.0.2"
},
{
"model": "vgo robot",
"scope": "eq",
"trust": 0.3,
"vendor": "vecna",
"version": "2.1.0"
},
{
"model": "vgo robot",
"scope": "eq",
"trust": 0.3,
"vendor": "vecna",
"version": "2.0.0"
},
{
"model": "vgo robot",
"scope": "eq",
"trust": 0.3,
"vendor": "vecna",
"version": "1.5.5"
},
{
"model": "vgo robot",
"scope": "eq",
"trust": 0.3,
"vendor": "vecna",
"version": "1.5.0"
},
{
"model": "vgo robot",
"scope": "eq",
"trust": 0.3,
"vendor": "vecna",
"version": "1.4.2"
},
{
"model": "vgo robot",
"scope": "ne",
"trust": 0.3,
"vendor": "vecna",
"version": "3.0.3.52164"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vgo",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2ed8ac1-39ab-11e9-a96b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08451"
},
{
"db": "BID",
"id": "103966"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004823"
},
{
"db": "NVD",
"id": "CVE-2018-8860"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:vecna:vgo_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.3.52164",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:vecna:vgo:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8860"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dan Regalado from Zingbox",
"sources": [
{
"db": "BID",
"id": "103966"
}
],
"trust": 0.3
},
"cve": "CVE-2018-8860",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-8860",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2018-08451",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "e2ed8ac1-39ab-11e9-a96b-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-8860",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8860",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-08451",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-232",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "e2ed8ac1-39ab-11e9-a96b-000c29342cb1",
"trust": 0.2,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2ed8ac1-39ab-11e9-a96b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08451"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004823"
},
{
"db": "NVD",
"id": "CVE-2018-8860"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-232"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjacent network. Vecna VGo Robot Contains an information disclosure vulnerability.Information may be obtained. VGo is a new productivity improvement solution that allows individuals to replicate themselves in remote locations and move freely as if they were there. Vecna VGo Robot is prone to an information-disclosure vulnerability and an OS command execution vulnerability. \nAttackers may exploit these issues to obtain sensitive information or execute arbitrary OS commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8860"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004823"
},
{
"db": "CNVD",
"id": "CNVD-2018-08451"
},
{
"db": "BID",
"id": "103966"
},
{
"db": "IVD",
"id": "e2ed8ac1-39ab-11e9-a96b-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8860",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-114-01",
"trust": 3.3
},
{
"db": "BID",
"id": "103966",
"trust": 1.3
},
{
"db": "CNVD",
"id": "CNVD-2018-08451",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-232",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004823",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2ED8AC1-39AB-11E9-A96B-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2ed8ac1-39ab-11e9-a96b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08451"
},
{
"db": "BID",
"id": "103966"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004823"
},
{
"db": "NVD",
"id": "CVE-2018-8860"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-232"
}
]
},
"id": "VAR-201805-0940",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2ed8ac1-39ab-11e9-a96b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08451"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2ed8ac1-39ab-11e9-a96b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08451"
}
]
},
"last_update_date": "2023-12-18T12:44:03.245000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.vecna.com/"
},
{
"title": "Patch for Vecna VGo Robot Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/127511"
},
{
"title": "Vecna VGo Robot Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79911"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08451"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004823"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-232"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004823"
},
{
"db": "NVD",
"id": "CVE-2018-8860"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-114-01"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/103966"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8860"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8860"
},
{
"trust": 0.3,
"url": "https://www.vecna.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08451"
},
{
"db": "BID",
"id": "103966"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004823"
},
{
"db": "NVD",
"id": "CVE-2018-8860"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-232"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2ed8ac1-39ab-11e9-a96b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08451"
},
{
"db": "BID",
"id": "103966"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004823"
},
{
"db": "NVD",
"id": "CVE-2018-8860"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-232"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-26T00:00:00",
"db": "IVD",
"id": "e2ed8ac1-39ab-11e9-a96b-000c29342cb1"
},
{
"date": "2018-04-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08451"
},
{
"date": "2018-04-24T00:00:00",
"db": "BID",
"id": "103966"
},
{
"date": "2018-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004823"
},
{
"date": "2018-05-09T21:29:00.323000",
"db": "NVD",
"id": "CVE-2018-8860"
},
{
"date": "2018-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-232"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08451"
},
{
"date": "2018-04-24T00:00:00",
"db": "BID",
"id": "103966"
},
{
"date": "2018-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004823"
},
{
"date": "2018-06-13T13:09:31.863000",
"db": "NVD",
"id": "CVE-2018-8860"
},
{
"date": "2018-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-232"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-232"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vecna VGo Robot Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2ed8ac1-39ab-11e9-a96b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-08451"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-232"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-232"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…