Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
15 vulnerabilities by ecos
VAR-201806-0735
Vulnerability from variot - Updated: 2024-02-13 22:46Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via compromised firmware. ECOS Secure Boot Stick ( alias SBS) Contains a cryptographic vulnerability.Information may be obtained and information may be altered. ECOS Secure Boot Stick (also known as SBS) is a security device from German ECOS TECHNOLOGY for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications. A security vulnerability exists in ECOS SBS version 5.6.5. An attacker could exploit this vulnerability to take control of authentication and encryption keys
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0735",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure boot stick",
"scope": "eq",
"trust": 2.4,
"vendor": "ecos",
"version": "5.6.5"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006493"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-938"
},
{
"db": "NVD",
"id": "CVE-2018-12330"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ecos:secure_boot_stick_firmware:5.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ecos:secure_boot_stick:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12330"
}
]
},
"cve": "CVE-2018-12330",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 8.5,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-12330",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-122279",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-12330",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-12330",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-938",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-122279",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-12330",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122279"
},
{
"db": "VULMON",
"id": "CVE-2018-12330"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006493"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-938"
},
{
"db": "NVD",
"id": "CVE-2018-12330"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via compromised firmware. ECOS Secure Boot Stick ( alias SBS) Contains a cryptographic vulnerability.Information may be obtained and information may be altered. ECOS Secure Boot Stick (also known as SBS) is a security device from German ECOS TECHNOLOGY for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications. A security vulnerability exists in ECOS SBS version 5.6.5. An attacker could exploit this vulnerability to take control of authentication and encryption keys",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12330"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006493"
},
{
"db": "VULHUB",
"id": "VHN-122279"
},
{
"db": "VULMON",
"id": "CVE-2018-12330"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12330",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006493",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-938",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-122279",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-12330",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122279"
},
{
"db": "VULMON",
"id": "CVE-2018-12330"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006493"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-938"
},
{
"db": "NVD",
"id": "CVE-2018-12330"
}
]
},
"id": "VAR-201806-0735",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-122279"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-13T22:46:32.081000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURE BOOT STICK",
"trust": 0.8,
"url": "https://www.ecos.de/produkte/zugangskomponenten/secure-boot-stick/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006493"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122279"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006493"
},
{
"db": "NVD",
"id": "CVE-2018-12330"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12330"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12330"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122279"
},
{
"db": "VULMON",
"id": "CVE-2018-12330"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006493"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-938"
},
{
"db": "NVD",
"id": "CVE-2018-12330"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-122279"
},
{
"db": "VULMON",
"id": "CVE-2018-12330"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006493"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-938"
},
{
"db": "NVD",
"id": "CVE-2018-12330"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-122279"
},
{
"date": "2018-06-17T00:00:00",
"db": "VULMON",
"id": "CVE-2018-12330"
},
{
"date": "2018-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006493"
},
{
"date": "2018-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-938"
},
{
"date": "2018-06-17T16:29:00.440000",
"db": "NVD",
"id": "CVE-2018-12330"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-122279"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-12330"
},
{
"date": "2018-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006493"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-938"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-12330"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-938"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ECOS Secure Boot Stick Cryptographic vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006493"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-938"
}
],
"trust": 0.6
}
}
VAR-201806-0742
Vulnerability from variot - Updated: 2023-12-18 14:05Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation. ECOS Secure Boot Stick ( alias SBS) Contains an information disclosure vulnerability.Information may be obtained. ECOSSecureBootStick (aka SBS) is a security device for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications from ECOSTECHNOLOGY, Germany. There is a security vulnerability in the ECOSSBS version 5.6.5. An attacker could exploit the vulnerability to extract the configuration of credentials by enumerating user space
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0742",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure boot stick",
"scope": "eq",
"trust": 2.4,
"vendor": "ecos",
"version": "5.6.5"
},
{
"model": "secure boot stick ecos secure boot stick",
"scope": "eq",
"trust": 0.6,
"vendor": "ecos",
"version": "5.6.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-09042"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006542"
},
{
"db": "NVD",
"id": "CVE-2018-12337"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-931"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ecos:secure_boot_stick_firmware:5.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ecos:secure_boot_stick:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12337"
}
]
},
"cve": "CVE-2018-12337",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-12337",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-09042",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-122286",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.6,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-12337",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-12337",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-09042",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-931",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-122286",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-09042"
},
{
"db": "VULHUB",
"id": "VHN-122286"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006542"
},
{
"db": "NVD",
"id": "CVE-2018-12337"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-931"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation. ECOS Secure Boot Stick ( alias SBS) Contains an information disclosure vulnerability.Information may be obtained. ECOSSecureBootStick (aka SBS) is a security device for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications from ECOSTECHNOLOGY, Germany. There is a security vulnerability in the ECOSSBS version 5.6.5. An attacker could exploit the vulnerability to extract the configuration of credentials by enumerating user space",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12337"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006542"
},
{
"db": "CNVD",
"id": "CNVD-2019-09042"
},
{
"db": "VULHUB",
"id": "VHN-122286"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12337",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006542",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-931",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-09042",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-122286",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-09042"
},
{
"db": "VULHUB",
"id": "VHN-122286"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006542"
},
{
"db": "NVD",
"id": "CVE-2018-12337"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-931"
}
]
},
"id": "VAR-201806-0742",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-09042"
},
{
"db": "VULHUB",
"id": "VHN-122286"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-09042"
}
]
},
"last_update_date": "2023-12-18T14:05:26.744000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURE BOOT STICK",
"trust": 0.8,
"url": "https://www.ecos.de/produkte/zugangskomponenten/secure-boot-stick/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006542"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122286"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006542"
},
{
"db": "NVD",
"id": "CVE-2018-12337"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12337"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12337"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-09042"
},
{
"db": "VULHUB",
"id": "VHN-122286"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006542"
},
{
"db": "NVD",
"id": "CVE-2018-12337"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-931"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-09042"
},
{
"db": "VULHUB",
"id": "VHN-122286"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006542"
},
{
"db": "NVD",
"id": "CVE-2018-12337"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-931"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-09042"
},
{
"date": "2018-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-122286"
},
{
"date": "2018-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006542"
},
{
"date": "2018-06-17T16:29:00.770000",
"db": "NVD",
"id": "CVE-2018-12337"
},
{
"date": "2018-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-931"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-09042"
},
{
"date": "2018-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-122286"
},
{
"date": "2018-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006542"
},
{
"date": "2018-08-10T15:11:12.080000",
"db": "NVD",
"id": "CVE-2018-12337"
},
{
"date": "2018-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-931"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-931"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ECOS Secure Boot Stick Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006542"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-931"
}
],
"trust": 0.6
}
}
VAR-201806-0737
Vulnerability from variot - Updated: 2023-12-18 13:56Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset. ECOS Secure Boot Stick ( alias SBS) Contains an information disclosure vulnerability.Information may be obtained. ECOS Secure Boot Stick (also known as SBS) is a security device from German ECOS TECHNOLOGY for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications. A security vulnerability exists in ECOS SBS version 5.6.5. An attacker could exploit this vulnerability to take control of authentication and encryption keys
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0737",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure boot stick",
"scope": "eq",
"trust": 2.4,
"vendor": "ecos",
"version": "5.6.5"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006494"
},
{
"db": "NVD",
"id": "CVE-2018-12332"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-936"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ecos:secure_boot_stick_firmware:5.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ecos:secure_boot_stick:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12332"
}
]
},
"cve": "CVE-2018-12332",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 1.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-12332",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-122281",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.2,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-12332",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-12332",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-936",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-122281",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122281"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006494"
},
{
"db": "NVD",
"id": "CVE-2018-12332"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-936"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset. ECOS Secure Boot Stick ( alias SBS) Contains an information disclosure vulnerability.Information may be obtained. ECOS Secure Boot Stick (also known as SBS) is a security device from German ECOS TECHNOLOGY for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications. A security vulnerability exists in ECOS SBS version 5.6.5. An attacker could exploit this vulnerability to take control of authentication and encryption keys",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12332"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006494"
},
{
"db": "VULHUB",
"id": "VHN-122281"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12332",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006494",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-936",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-122281",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122281"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006494"
},
{
"db": "NVD",
"id": "CVE-2018-12332"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-936"
}
]
},
"id": "VAR-201806-0737",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-122281"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:56:59.315000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURE BOOT STICK",
"trust": 0.8,
"url": "https://www.ecos.de/produkte/zugangskomponenten/secure-boot-stick/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006494"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-459",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122281"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006494"
},
{
"db": "NVD",
"id": "CVE-2018-12332"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12332"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12332"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122281"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006494"
},
{
"db": "NVD",
"id": "CVE-2018-12332"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-936"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-122281"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006494"
},
{
"db": "NVD",
"id": "CVE-2018-12332"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-936"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-122281"
},
{
"date": "2018-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006494"
},
{
"date": "2018-06-17T16:29:00.533000",
"db": "NVD",
"id": "CVE-2018-12332"
},
{
"date": "2018-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-936"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-122281"
},
{
"date": "2018-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006494"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-12332"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-936"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-936"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ECOS Secure Boot Stick Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006494"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-936"
}
],
"trust": 0.6
}
}
VAR-201806-0739
Vulnerability from variot - Updated: 2023-12-18 13:33Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a virtualization attack. ECOS Secure Boot Stick ( alias SBS) Contains a cryptographic vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ECOS Secure Boot Stick (also known as SBS) is a security device from German ECOS TECHNOLOGY for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications. A security vulnerability exists in ECOS SBS version 5.6.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0739",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure boot stick",
"scope": "eq",
"trust": 2.4,
"vendor": "ecos",
"version": "5.6.5"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006547"
},
{
"db": "NVD",
"id": "CVE-2018-12334"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-934"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ecos:secure_boot_stick_firmware:5.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ecos:secure_boot_stick:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12334"
}
]
},
"cve": "CVE-2018-12334",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-12334",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-122283",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-12334",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-12334",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-934",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-122283",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122283"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006547"
},
{
"db": "NVD",
"id": "CVE-2018-12334"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-934"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a virtualization attack. ECOS Secure Boot Stick ( alias SBS) Contains a cryptographic vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ECOS Secure Boot Stick (also known as SBS) is a security device from German ECOS TECHNOLOGY for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications. A security vulnerability exists in ECOS SBS version 5.6.5",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12334"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006547"
},
{
"db": "VULHUB",
"id": "VHN-122283"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12334",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006547",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-934",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-122283",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122283"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006547"
},
{
"db": "NVD",
"id": "CVE-2018-12334"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-934"
}
]
},
"id": "VAR-201806-0739",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-122283"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:33:50.255000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURE BOOT STICK",
"trust": 0.8,
"url": "https://www.ecos.de/produkte/zugangskomponenten/secure-boot-stick/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006547"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122283"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006547"
},
{
"db": "NVD",
"id": "CVE-2018-12334"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12334"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12334"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122283"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006547"
},
{
"db": "NVD",
"id": "CVE-2018-12334"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-934"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-122283"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006547"
},
{
"db": "NVD",
"id": "CVE-2018-12334"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-934"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-122283"
},
{
"date": "2018-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006547"
},
{
"date": "2018-06-17T16:29:00.627000",
"db": "NVD",
"id": "CVE-2018-12334"
},
{
"date": "2018-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-934"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-122283"
},
{
"date": "2018-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006547"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-12334"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-934"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-934"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ECOS Secure Boot Stick Cryptographic vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006547"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-934"
}
],
"trust": 0.6
}
}
VAR-201806-0738
Vulnerability from variot - Updated: 2023-12-18 13:28Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code. ECOS Secure Boot Stick ( alias SBS) Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ECOS Secure Boot Stick (also known as SBS) is a security device from German ECOS TECHNOLOGY for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications. There is a security hole in ECOS SBS version 5.6.5, which is caused by the fact that the program does not fully verify the reliability of the data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0738",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure boot stick",
"scope": "eq",
"trust": 2.4,
"vendor": "ecos",
"version": "5.6.5"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006495"
},
{
"db": "NVD",
"id": "CVE-2018-12333"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-935"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ecos:secure_boot_stick_firmware:5.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ecos:secure_boot_stick:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12333"
}
]
},
"cve": "CVE-2018-12333",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-12333",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-122282",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-12333",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-12333",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-935",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-122282",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122282"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006495"
},
{
"db": "NVD",
"id": "CVE-2018-12333"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-935"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code. ECOS Secure Boot Stick ( alias SBS) Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ECOS Secure Boot Stick (also known as SBS) is a security device from German ECOS TECHNOLOGY for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications. There is a security hole in ECOS SBS version 5.6.5, which is caused by the fact that the program does not fully verify the reliability of the data",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12333"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006495"
},
{
"db": "VULHUB",
"id": "VHN-122282"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12333",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006495",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-935",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-122282",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122282"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006495"
},
{
"db": "NVD",
"id": "CVE-2018-12333"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-935"
}
]
},
"id": "VAR-201806-0738",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-122282"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:28:51.927000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURE BOOT STICK",
"trust": 0.8,
"url": "https://www.ecos.de/produkte/zugangskomponenten/secure-boot-stick/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006495"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-345",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122282"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006495"
},
{
"db": "NVD",
"id": "CVE-2018-12333"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12333"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12333"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122282"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006495"
},
{
"db": "NVD",
"id": "CVE-2018-12333"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-935"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-122282"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006495"
},
{
"db": "NVD",
"id": "CVE-2018-12333"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-935"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-122282"
},
{
"date": "2018-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006495"
},
{
"date": "2018-06-17T16:29:00.597000",
"db": "NVD",
"id": "CVE-2018-12333"
},
{
"date": "2018-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-935"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-122282"
},
{
"date": "2018-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006495"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-12333"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-935"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-935"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ECOS Secure Boot Stick Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006495"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-935"
}
],
"trust": 0.6
}
}
VAR-201806-0734
Vulnerability from variot - Updated: 2023-12-18 13:24Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to duplicate an authentication factor via cloning. ECOS Secure Boot Stick ( alias SBS) Contains an information disclosure vulnerability.Information may be obtained. ECOSSecureBootStick (aka SBS) is a security device for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications from ECOSTECHNOLOGY, Germany. There is a security vulnerability in the ECOSSBS version 5.6.5. An attacker could exploit the vulnerability to bypass security restrictions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0734",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure boot stick",
"scope": "eq",
"trust": 2.4,
"vendor": "ecos",
"version": "5.6.5"
},
{
"model": "secure boot stick ecos secure boot stick",
"scope": "eq",
"trust": 0.6,
"vendor": "ecos",
"version": "5.6.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-09048"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006492"
},
{
"db": "NVD",
"id": "CVE-2018-12329"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-939"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ecos:secure_boot_stick_firmware:5.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ecos:secure_boot_stick:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12329"
}
]
},
"cve": "CVE-2018-12329",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-12329",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2019-09048",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-122277",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-12329",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-12329",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-09048",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-939",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-122277",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-09048"
},
{
"db": "VULHUB",
"id": "VHN-122277"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006492"
},
{
"db": "NVD",
"id": "CVE-2018-12329"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-939"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to duplicate an authentication factor via cloning. ECOS Secure Boot Stick ( alias SBS) Contains an information disclosure vulnerability.Information may be obtained. ECOSSecureBootStick (aka SBS) is a security device for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications from ECOSTECHNOLOGY, Germany. There is a security vulnerability in the ECOSSBS version 5.6.5. An attacker could exploit the vulnerability to bypass security restrictions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12329"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006492"
},
{
"db": "CNVD",
"id": "CNVD-2019-09048"
},
{
"db": "VULHUB",
"id": "VHN-122277"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12329",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006492",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-939",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-09048",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-122277",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-09048"
},
{
"db": "VULHUB",
"id": "VHN-122277"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006492"
},
{
"db": "NVD",
"id": "CVE-2018-12329"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-939"
}
]
},
"id": "VAR-201806-0734",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-09048"
},
{
"db": "VULHUB",
"id": "VHN-122277"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-09048"
}
]
},
"last_update_date": "2023-12-18T13:24:05.432000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURE BOOT STICK",
"trust": 0.8,
"url": "https://www.ecos.de/produkte/zugangskomponenten/secure-boot-stick/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006492"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122277"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006492"
},
{
"db": "NVD",
"id": "CVE-2018-12329"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12329"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12329"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-09048"
},
{
"db": "VULHUB",
"id": "VHN-122277"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006492"
},
{
"db": "NVD",
"id": "CVE-2018-12329"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-939"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-09048"
},
{
"db": "VULHUB",
"id": "VHN-122277"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006492"
},
{
"db": "NVD",
"id": "CVE-2018-12329"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-939"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-09048"
},
{
"date": "2018-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-122277"
},
{
"date": "2018-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006492"
},
{
"date": "2018-06-17T16:29:00.393000",
"db": "NVD",
"id": "CVE-2018-12329"
},
{
"date": "2018-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-939"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-09048"
},
{
"date": "2018-08-09T00:00:00",
"db": "VULHUB",
"id": "VHN-122277"
},
{
"date": "2018-08-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006492"
},
{
"date": "2018-08-09T18:44:33.303000",
"db": "NVD",
"id": "CVE-2018-12329"
},
{
"date": "2018-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-939"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-939"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ECOS Secure Boot Stick Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006492"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-939"
}
],
"trust": 0.6
}
}
VAR-201806-0741
Vulnerability from variot - Updated: 2023-12-18 12:50Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access. There is a security vulnerability in ECOS SBS version 5.6.5, which is caused by an undocumented vendor backdoor in the program. An attacker could exploit this vulnerability by sending a specially crafted request to extract credential information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0741",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure boot stick",
"scope": "eq",
"trust": 2.4,
"vendor": "ecos",
"version": "5.6.5"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006541"
},
{
"db": "NVD",
"id": "CVE-2018-12336"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-932"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ecos:secure_boot_stick_firmware:5.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ecos:secure_boot_stick:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12336"
}
]
},
"cve": "CVE-2018-12336",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-12336",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-122285",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-12336",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-12336",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-932",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-122285",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-12336",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122285"
},
{
"db": "VULMON",
"id": "CVE-2018-12336"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006541"
},
{
"db": "NVD",
"id": "CVE-2018-12336"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-932"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access. There is a security vulnerability in ECOS SBS version 5.6.5, which is caused by an undocumented vendor backdoor in the program. An attacker could exploit this vulnerability by sending a specially crafted request to extract credential information",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-12336"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006541"
},
{
"db": "VULHUB",
"id": "VHN-122285"
},
{
"db": "VULMON",
"id": "CVE-2018-12336"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-12336",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006541",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-932",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-122285",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-12336",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122285"
},
{
"db": "VULMON",
"id": "CVE-2018-12336"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006541"
},
{
"db": "NVD",
"id": "CVE-2018-12336"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-932"
}
]
},
"id": "VAR-201806-0741",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-122285"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:50:43.720000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURE BOOT STICK",
"trust": 0.8,
"url": "https://www.ecos.de/produkte/zugangskomponenten/secure-boot-stick/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006541"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122285"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006541"
},
{
"db": "NVD",
"id": "CVE-2018-12336"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12336"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12336"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122285"
},
{
"db": "VULMON",
"id": "CVE-2018-12336"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006541"
},
{
"db": "NVD",
"id": "CVE-2018-12336"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-932"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-122285"
},
{
"db": "VULMON",
"id": "CVE-2018-12336"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006541"
},
{
"db": "NVD",
"id": "CVE-2018-12336"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-932"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-17T00:00:00",
"db": "VULHUB",
"id": "VHN-122285"
},
{
"date": "2018-06-17T00:00:00",
"db": "VULMON",
"id": "CVE-2018-12336"
},
{
"date": "2018-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006541"
},
{
"date": "2018-06-17T16:29:00.723000",
"db": "NVD",
"id": "CVE-2018-12336"
},
{
"date": "2018-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-932"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-122285"
},
{
"date": "2018-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2018-12336"
},
{
"date": "2018-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006541"
},
{
"date": "2018-08-10T15:10:07.543000",
"db": "NVD",
"id": "CVE-2018-12336"
},
{
"date": "2018-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-932"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-932"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ECOS Secure Boot Stick Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006541"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-932"
}
],
"trust": 0.6
}
}
CVE-2018-12335 (GCVE-0-2018-12335)
Vulnerability from cvelistv5 – Published: 2018-06-17 16:00 – Updated: 2024-08-05 08:30- n/a
| URL | Tags |
|---|---|
| https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-17T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html",
"refsource": "MISC",
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12335",
"datePublished": "2018-06-17T16:00:00.000Z",
"dateReserved": "2018-06-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12338 (GCVE-0-2018-12338)
Vulnerability from cvelistv5 – Published: 2018-06-17 16:00 – Updated: 2024-08-05 08:30- n/a
| URL | Tags |
|---|---|
| https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote root SSH access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-17T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote root SSH access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html",
"refsource": "MISC",
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12338",
"datePublished": "2018-06-17T16:00:00.000Z",
"dateReserved": "2018-06-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12331 (GCVE-0-2018-12331)
Vulnerability from cvelistv5 – Published: 2018-06-17 16:00 – Updated: 2024-08-05 08:30- n/a
| URL | Tags |
|---|---|
| https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during \"Easy Enrollment.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-17T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during \"Easy Enrollment.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html",
"refsource": "MISC",
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12331",
"datePublished": "2018-06-17T16:00:00.000Z",
"dateReserved": "2018-06-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000020 (GCVE-0-2017-1000020)
Vulnerability from cvelistv5 – Published: 2017-07-13 20:00 – Updated: 2024-08-05 21:53- n/a
| URL | Tags |
|---|---|
| http://ecos.sourceware.org/ecos/problemreport.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:06.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ecos.sourceware.org/ecos/problemreport.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-05-06T00:00:00.000Z",
"datePublic": "2017-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. \"eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-13T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ecos.sourceware.org/ecos/problemreport.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-05-06T20:43:28.271028",
"ID": "CVE-2017-1000020",
"REQUESTER": "niteshvai67@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. \"eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ecos.sourceware.org/ecos/problemreport.html",
"refsource": "MISC",
"url": "http://ecos.sourceware.org/ecos/problemreport.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000020",
"datePublished": "2017-07-13T20:00:00.000Z",
"dateReserved": "2017-07-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:53:06.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12335 (GCVE-0-2018-12335)
Vulnerability from nvd – Published: 2018-06-17 16:00 – Updated: 2024-08-05 08:30- n/a
| URL | Tags |
|---|---|
| https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-17T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html",
"refsource": "MISC",
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12335",
"datePublished": "2018-06-17T16:00:00.000Z",
"dateReserved": "2018-06-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12338 (GCVE-0-2018-12338)
Vulnerability from nvd – Published: 2018-06-17 16:00 – Updated: 2024-08-05 08:30- n/a
| URL | Tags |
|---|---|
| https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote root SSH access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-17T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote root SSH access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html",
"refsource": "MISC",
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12338",
"datePublished": "2018-06-17T16:00:00.000Z",
"dateReserved": "2018-06-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12331 (GCVE-0-2018-12331)
Vulnerability from nvd – Published: 2018-06-17 16:00 – Updated: 2024-08-05 08:30- n/a
| URL | Tags |
|---|---|
| https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.766Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during \"Easy Enrollment.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-17T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during \"Easy Enrollment.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html",
"refsource": "MISC",
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12331",
"datePublished": "2018-06-17T16:00:00.000Z",
"dateReserved": "2018-06-13T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:30:59.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000020 (GCVE-0-2017-1000020)
Vulnerability from nvd – Published: 2017-07-13 20:00 – Updated: 2024-08-05 21:53- n/a
| URL | Tags |
|---|---|
| http://ecos.sourceware.org/ecos/problemreport.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:06.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ecos.sourceware.org/ecos/problemreport.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-05-06T00:00:00.000Z",
"datePublic": "2017-07-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. \"eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-13T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ecos.sourceware.org/ecos/problemreport.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-05-06T20:43:28.271028",
"ID": "CVE-2017-1000020",
"REQUESTER": "niteshvai67@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. \"eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ecos.sourceware.org/ecos/problemreport.html",
"refsource": "MISC",
"url": "http://ecos.sourceware.org/ecos/problemreport.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000020",
"datePublished": "2017-07-13T20:00:00.000Z",
"dateReserved": "2017-07-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T21:53:06.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}