CVE-2018-11518 (GCVE-0-2018-11518)

Vulnerability from cvelistv5 – Published: 2018-05-30 20:00 – Updated: 2024-08-05 08:10
VLAI
Summary
A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece).
CWE
  • n/a
Assigner
Date Public
2018-05-30 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:10:14.610Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/mishradhiraj_/status/1001664440759091207"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://datarift.blogspot.com/2018/05/CVE-2018-11518-abusing-ivr-systems.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://virgil-cj.blogspot.com/2018/05/0day-legacy-ivr-lets-phreak.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://twitter.com/mishradhiraj_/status/1001664204485652482"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-05-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller\u0027s physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller\u0027s earpiece)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-30T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/mishradhiraj_/status/1001664440759091207"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://datarift.blogspot.com/2018/05/CVE-2018-11518-abusing-ivr-systems.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://virgil-cj.blogspot.com/2018/05/0day-legacy-ivr-lets-phreak.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://twitter.com/mishradhiraj_/status/1001664204485652482"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-11518",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller\u0027s physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller\u0027s earpiece)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://twitter.com/mishradhiraj_/status/1001664440759091207",
              "refsource": "MISC",
              "url": "https://twitter.com/mishradhiraj_/status/1001664440759091207"
            },
            {
              "name": "https://datarift.blogspot.com/2018/05/CVE-2018-11518-abusing-ivr-systems.html",
              "refsource": "MISC",
              "url": "https://datarift.blogspot.com/2018/05/CVE-2018-11518-abusing-ivr-systems.html"
            },
            {
              "name": "http://virgil-cj.blogspot.com/2018/05/0day-legacy-ivr-lets-phreak.html",
              "refsource": "MISC",
              "url": "http://virgil-cj.blogspot.com/2018/05/0day-legacy-ivr-lets-phreak.html"
            },
            {
              "name": "https://twitter.com/mishradhiraj_/status/1001664204485652482",
              "refsource": "MISC",
              "url": "https://twitter.com/mishradhiraj_/status/1001664204485652482"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-11518",
    "datePublished": "2018-05-30T20:00:00.000Z",
    "dateReserved": "2018-05-28T00:00:00.000Z",
    "dateUpdated": "2024-08-05T08:10:14.610Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-11518",
      "date": "2026-07-17",
      "epss": "0.0142",
      "percentile": "0.69831"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:hcltech:legacy_ivr_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9B9B1F8-7095-48BD-BAE3-E471BABBA1FA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:hcltech:legacy_ivr:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5226101C-AEB5-4660-A9B6-C0F6EB6FA717\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller\u0027s physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller\u0027s earpiece).\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad permite un ataque de phreaking en los sistemas IVR heredados de HCL que no emplean VoIP. Estos sistemas IVR dependen de varias frecuencias de se\\u00f1ales de audio; se procesan ciertos comandos y funciones en base a dichas frecuencias. Ya que estas frecuentas se aceptan en una llamada telef\\u00f3nica, un atacante puede grabar estas frecuencias y emplearlas para realizar activaciones de servicios. Este es un problema de Request-Forgery cuando la serie de se\\u00f1ales DTMF requerida para activar un servicio es predecible (por ejemplo, el sistema IVR no comunica un nonce al llamante). En este caso, el sistema IVR acepta una petici\\u00f3n de activaci\\u00f3n de un canal menos seguro (cualquier altavoz en el entorno f\\u00edsico del llamante) sin verificar que la petici\\u00f3n sea intencional (coincide con un nonce que se ha enviado por medio de un canal m\\u00e1s seguro al auricular del llamante).\"}]",
      "id": "CVE-2018-11518",
      "lastModified": "2024-11-21T03:43:32.307",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-05-30T20:29:00.250",
      "references": "[{\"url\": \"http://virgil-cj.blogspot.com/2018/05/0day-legacy-ivr-lets-phreak.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://datarift.blogspot.com/2018/05/CVE-2018-11518-abusing-ivr-systems.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://twitter.com/mishradhiraj_/status/1001664204485652482\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://twitter.com/mishradhiraj_/status/1001664440759091207\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://virgil-cj.blogspot.com/2018/05/0day-legacy-ivr-lets-phreak.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://datarift.blogspot.com/2018/05/CVE-2018-11518-abusing-ivr-systems.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://twitter.com/mishradhiraj_/status/1001664204485652482\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://twitter.com/mishradhiraj_/status/1001664440759091207\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-11518\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-05-30T20:29:00.250\",\"lastModified\":\"2024-11-21T03:43:32.307\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller\u0027s physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller\u0027s earpiece).\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad permite un ataque de phreaking en los sistemas IVR heredados de HCL que no emplean VoIP. Estos sistemas IVR dependen de varias frecuencias de se\u00f1ales de audio; se procesan ciertos comandos y funciones en base a dichas frecuencias. Ya que estas frecuentas se aceptan en una llamada telef\u00f3nica, un atacante puede grabar estas frecuencias y emplearlas para realizar activaciones de servicios. Este es un problema de Request-Forgery cuando la serie de se\u00f1ales DTMF requerida para activar un servicio es predecible (por ejemplo, el sistema IVR no comunica un nonce al llamante). En este caso, el sistema IVR acepta una petici\u00f3n de activaci\u00f3n de un canal menos seguro (cualquier altavoz en el entorno f\u00edsico del llamante) sin verificar que la petici\u00f3n sea intencional (coincide con un nonce que se ha enviado por medio de un canal m\u00e1s seguro al auricular del llamante).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hcltech:legacy_ivr_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9B9B1F8-7095-48BD-BAE3-E471BABBA1FA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hcltech:legacy_ivr:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5226101C-AEB5-4660-A9B6-C0F6EB6FA717\"}]}]}],\"references\":[{\"url\":\"http://virgil-cj.blogspot.com/2018/05/0day-legacy-ivr-lets-phreak.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://datarift.blogspot.com/2018/05/CVE-2018-11518-abusing-ivr-systems.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/mishradhiraj_/status/1001664204485652482\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/mishradhiraj_/status/1001664440759091207\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://virgil-cj.blogspot.com/2018/05/0day-legacy-ivr-lets-phreak.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://datarift.blogspot.com/2018/05/CVE-2018-11518-abusing-ivr-systems.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/mishradhiraj_/status/1001664204485652482\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://twitter.com/mishradhiraj_/status/1001664440759091207\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…