VAR-201911-1740
Vulnerability from variot - Updated: 2023-12-18 13:18. An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Raritan CommandCenter Secure Gateway contains an XML external entity vulnerability; as a result, information may be obtained, information may be altered, and service operation may be disrupted (DoS). The product provides features such as remote control, centralized authentication, authorization, and logging. A code issue vulnerability exists in Raritan CC-SG versions prior to 8.0.0. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products. I. CVE REFERENCE
CVE-2018-20687
III. VENDOR
https://www.raritan.com/support/product/commandcenter-secure-gateway
IV. TIMELINE
04/01/2019 Vulnerability discovered; 07/01/2019 Vendor contacted
V. CREDIT
Okan Coşkun from Biznet Bilisim A.S.; Faruk Ünal from Biznet Bilisim A.S.
VI. DESCRIPTION
Raritan CommandCenter Secure Gateway versions prior to 8.0.0 are affected by XXE. A remote unauthenticated attacker may cause the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts by exploiting this vulnerability.
Vulnerable path: /CommandCenterWebServices/.*
VII. SOLUTION
Update CommandCenter Secure Gateway to version 8.0.0 or later (versions before 8.0.0 are affected).
VIII. REFERENCES
You can find more information about XXE at the link below: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1740",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "commandcenter secure gateway",
"scope": "lt",
"trust": 1.8,
"vendor": "raritan",
"version": "8.0.0"
},
{
"model": "commandcenter secure gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "raritan",
"version": "6.2.0"
},
{
"model": "commandcenter secure gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "raritan",
"version": "7.0.0"
},
{
"model": "commandcenter secure gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "raritan",
"version": "4.2.0"
},
{
"model": "commandcenter secure gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "raritan",
"version": "5.1.0"
},
{
"model": "commandcenter secure gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "raritan",
"version": "4.3.0"
},
{
"model": "commandcenter secure gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "raritan",
"version": "5.2.0"
},
{
"model": "commandcenter secure gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "raritan",
"version": "6.1.0"
},
{
"model": "commandcenter secure gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "raritan",
"version": "5.0.5"
},
{
"model": "commandcenter secure gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "raritan",
"version": "6.0.0"
},
{
"model": "commandcenter secure gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "raritan",
"version": "5.3.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012246"
},
{
"db": "NVD",
"id": "CVE-2018-20687"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1051"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:raritan:commandcenter_secure_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20687"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Okan Coskun",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1051"
}
],
"trust": 0.6
},
"cve": "CVE-2018-20687",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-20687",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-131518",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-20687",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-20687",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1051",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-131518",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-131518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012246"
},
{
"db": "NVD",
"id": "CVE-2018-20687"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1051"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Raritan CommandCenter Secure Gateway Is XML An external entity vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The product provides features such as remote control, centralized authentication, authorization, and logging. A code issue vulnerability exists in Raritan CC-SG versions prior to 8.0.0. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products. I. CVE REFERENCE\n-------------------------\nCVE-2018-20687\n\nIII. VENDOR\n-------------------------\nhttps://www.raritan.com/support/product/commandcenter-secure-gateway\n\nIV. TIMELINE\n------------------------\n04/01/2019 Vulnerability discovered\n07/01/2019 Vendor contacted\n\nV. CREDIT\n-------------------------\nOkan Co\u015fkun from Biznet Bilisim A.S. \nFaruk \u00dcnal From Biznet Bilisim A.S. \n\nVI. DESCRIPTION\n-------------------------\nRaritan CommandCenter Secure Gateway version prior 8.0.0 affected by\nXXE. A remote unauthenticated attacker may lead to the disclosure of\nconfidential data, denial of service, server side request forgery,\nport scanning from the perspective of the machine where the parser is\nlocated, and other system impacts by using this vulnerability. \n\nVulnerable path: /CommandCenterWebServices/.*\n\nVII. SOLUTION\n-------------------------\nUpdate current CommandCenter Secure Gateway\n\nVIII. REFERENCES\n-------------------------\n\nYou can find more information about XXE from the link below:\nhttps://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20687"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012246"
},
{
"db": "VULHUB",
"id": "VHN-131518"
},
{
"db": "PACKETSTORM",
"id": "155359"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-20687",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "155359",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012246",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1051",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-131518",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-131518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012246"
},
{
"db": "PACKETSTORM",
"id": "155359"
},
{
"db": "NVD",
"id": "CVE-2018-20687"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1051"
}
]
},
"id": "VAR-201911-1740",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-131518"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:18:30.294000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.raritan.com/jp/products/power/dcim-software/power-iq"
},
{
"title": "Raritan CommandCenter Secure Gateway Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=103088"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012246"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1051"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-611",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-131518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012246"
},
{
"db": "NVD",
"id": "CVE-2018-20687"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2019/nov/11"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/155359/raritan-commandcenter-secure-gateway-xml-injection.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20687"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20687"
},
{
"trust": 0.1,
"url": "https://www.raritan.com/support/product/commandcenter-secure-gateway"
},
{
"trust": 0.1,
"url": "https://www.owasp.org/index.php/xml_external_entity_(xxe)_processing"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-131518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012246"
},
{
"db": "PACKETSTORM",
"id": "155359"
},
{
"db": "NVD",
"id": "CVE-2018-20687"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1051"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-131518"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012246"
},
{
"db": "PACKETSTORM",
"id": "155359"
},
{
"db": "NVD",
"id": "CVE-2018-20687"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1051"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-18T00:00:00",
"db": "VULHUB",
"id": "VHN-131518"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012246"
},
{
"date": "2019-11-15T21:32:42",
"db": "PACKETSTORM",
"id": "155359"
},
{
"date": "2019-11-18T19:15:12.467000",
"db": "NVD",
"id": "CVE-2018-20687"
},
{
"date": "2019-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1051"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "VULHUB",
"id": "VHN-131518"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012246"
},
{
"date": "2019-11-21T20:06:32.607000",
"db": "NVD",
"id": "CVE-2018-20687"
},
{
"date": "2019-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1051"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "155359"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1051"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Raritan CommandCenter Secure Gateway In XML External entity vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012246"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1051"
}
],
"trust": 0.6
}
}