cvelistv5 - cve-2018-0613

CVE-2018-0613 (GCVE-0-2018-0613)

Vulnerability from cvelistv5

Published

2018-07-26 17:00

Modified

2024-08-05 03:28

Severity ?

CWE

Fails to restrict access

Summary

References

URL

	Vendor	Product	Version
	NEC Platforms, Ltd.	Calsos CSDX and CSDJ series products	Version: CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00

gsd-2018-0613

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2018-0613

Aliases

CVE-2018-0613

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-0613",
    "description": "NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors.",
    "id": "GSD-2018-0613"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-0613"
      ],
      "details": "NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors.",
      "id": "GSD-2018-0613",
      "modified": "2023-12-13T01:22:24.542699Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2018-0613",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Calsos CSDX and CSDJ series products",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "NEC Platforms, Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Fails to restrict access"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.necplatforms.co.jp/product/enkaku/info180702.html",
            "refsource": "CONFIRM",
            "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
          },
          {
            "name": "JVN#63895206",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN63895206/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdx_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.37210411",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdx:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdx\\(p\\)_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.37210411",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdx\\(p\\):-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdx\\(s\\)_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.37210411",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdx\\(s\\):-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdx\\(d\\)_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.37210411",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdx\\(d\\):-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdj-b_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.03.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdj-b:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdj-d_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.03.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdj-d:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdj-h_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "01.03.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdj-h:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:necplatforms:calsos_csdj-a_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "03.00.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:necplatforms:calsos_csdj-a:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0613"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-269"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.necplatforms.co.jp/product/enkaku/info180702.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
            },
            {
              "name": "JVN#63895206",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN63895206/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-07-26T17:29Z"
    }
  }
}

cnvd-2019-26780

Vulnerability from cnvd

Title

NEC Platforms Calsos CSDX和CSDJ系列产品访问限制绕过漏洞

Description

NEC Platforms Calsos CSDX和CSDJ都是日本NEC Platforms公司的远程监控设备。 NEC Platforms Calsos CSDX和CSDJ系列产品中存在安全漏洞。远程攻击者可利用该漏洞绕过访问限制，以管理权限执行任意操作。

Severity

中

Patch Name

NEC Platforms Calsos CSDX和CSDJ系列产品访问限制绕过漏洞的补丁

Patch Description

NEC Platforms Calsos CSDX和CSDJ都是日本NEC Platforms公司的远程监控设备。 NEC Platforms Calsos CSDX和CSDJ系列产品中存在安全漏洞。远程攻击者可利用该漏洞绕过访问限制，以管理权限执行任意操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.necplatforms.co.jp/product/enkaku/info180702.html

Reference

https://www.necplatforms.co.jp/product/enkaku/info180702.html

Impacted products

Name
['NEC Platforms Calsos CSDX <=1.37210411', 'NEC Platforms CSDX(P) <=4.37210411', 'NEC Platforms CSDX(D) <=3.37210411', 'NEC Platforms CSDX(S) <=2.37210411', 'NEC Platforms CSDJ-B <=01.03.00', 'NEC Platforms CSDJ-H <=01.03.00', 'NEC Platforms CSDJ-D <=01.03.00', 'NEC Platforms CSDJ-A 03.00.00']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0613"
    }
  },
  "description": "NEC Platforms Calsos CSDX\u548cCSDJ\u90fd\u662f\u65e5\u672cNEC Platforms\u516c\u53f8\u7684\u8fdc\u7a0b\u76d1\u63a7\u8bbe\u5907\u3002\n\nNEC Platforms Calsos CSDX\u548cCSDJ\u7cfb\u5217\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8bbf\u95ee\u9650\u5236\uff0c\u4ee5\u7ba1\u7406\u6743\u9650\u6267\u884c\u4efb\u610f\u64cd\u4f5c\u3002",
  "discovererName": "NEC Platforms",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.necplatforms.co.jp/product/enkaku/info180702.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-26780",
  "openTime": "2019-08-12",
  "patchDescription": "NEC Platforms Calsos CSDX\u548cCSDJ\u90fd\u662f\u65e5\u672cNEC Platforms\u516c\u53f8\u7684\u8fdc\u7a0b\u76d1\u63a7\u8bbe\u5907\u3002\r\n\r\nNEC Platforms Calsos CSDX\u548cCSDJ\u7cfb\u5217\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8bbf\u95ee\u9650\u5236\uff0c\u4ee5\u7ba1\u7406\u6743\u9650\u6267\u884c\u4efb\u610f\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NEC Platforms Calsos CSDX\u548cCSDJ\u7cfb\u5217\u4ea7\u54c1\u8bbf\u95ee\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "NEC Platforms Calsos CSDX \u003c=1.37210411",
      "NEC Platforms CSDX(P) \u003c=4.37210411",
      "NEC Platforms CSDX(D) \u003c=3.37210411",
      "NEC Platforms CSDX(S) \u003c=2.37210411",
      "NEC Platforms CSDJ-B \u003c=01.03.00",
      "NEC Platforms CSDJ-H \u003c=01.03.00",
      "NEC Platforms CSDJ-D \u003c=01.03.00",
      "NEC Platforms CSDJ-A 03.00.00"
    ]
  },
  "referenceLink": "https://www.necplatforms.co.jp/product/enkaku/info180702.html",
  "serverity": "\u4e2d",
  "submitTime": "2019-07-24",
  "title": "NEC Platforms Calsos CSDX\u548cCSDJ\u7cfb\u5217\u4ea7\u54c1\u8bbf\u95ee\u9650\u5236\u7ed5\u8fc7\u6f0f\u6d1e"
}

fkie_cve-2018-0613

Vulnerability from fkie_nvd

Published

2018-07-26 17:29

Modified

2024-11-21 03:38

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN63895206/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.necplatforms.co.jp/product/enkaku/info180702.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN63895206/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.necplatforms.co.jp/product/enkaku/info180702.html	Vendor Advisory

Impacted products

Vendor	Product	Version
necplatforms	calsos_csdx_firmware	*
necplatforms	calsos_csdx	-
necplatforms	calsos_csdx\(p\)_firmware	*
necplatforms	calsos_csdx\(p\)	-
necplatforms	calsos_csdx\(s\)_firmware	*
necplatforms	calsos_csdx\(s\)	-
necplatforms	calsos_csdx\(d\)_firmware	*
necplatforms	calsos_csdx\(d\)	-
necplatforms	calsos_csdj-b_firmware	*
necplatforms	calsos_csdj-b	-
necplatforms	calsos_csdj-d_firmware	*
necplatforms	calsos_csdj-d	-
necplatforms	calsos_csdj-h_firmware	*
necplatforms	calsos_csdj-h	-
necplatforms	calsos_csdj-a_firmware	*
necplatforms	calsos_csdj-a	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdx_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "432A84D4-4983-4A60-B5E8-58C736F1DE4B",
              "versionEndIncluding": "1.37210411",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00656D53-88F9-4C4E-91B7-4E274AD1A11B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdx\\(p\\)_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9BCFFF-ECEF-45C2-8BDC-E86A51E18D5C",
              "versionEndIncluding": "4.37210411",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdx\\(p\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6162989-0ED7-4D09-BE56-643FB752395C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdx\\(s\\)_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA2C4F9A-0A88-422D-9CD9-2D9E95A15975",
              "versionEndIncluding": "2.37210411",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdx\\(s\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB6FAD2D-57C5-4112-902F-4E086B1E594E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdx\\(d\\)_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D06D1AF5-7ABE-4F15-9126-06D1A5F3A9DC",
              "versionEndIncluding": "3.37210411",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdx\\(d\\):-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CD3DF49-F4C0-43FB-97CC-13B30D6A5320",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdj-b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FA4BEB9-6CDB-4E5A-B133-3A865280DA5E",
              "versionEndIncluding": "01.03.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdj-b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD1630C2-C70B-43BD-AB13-81C44972F2F2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdj-d_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41C3EAFC-9722-40FE-A29E-CF14AC96CEDE",
              "versionEndIncluding": "01.03.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdj-d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF6B049D-8A7E-44F2-B913-9DB827C05078",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdj-h_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2B4D00-C163-4478-A112-576AE04865FE",
              "versionEndIncluding": "01.03.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdj-h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EDDA8B4-09DB-4CA7-AC39-066538067E13",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:necplatforms:calsos_csdj-a_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2B3371-69A3-4F16-B478-8E0763114173",
              "versionEndIncluding": "03.00.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:necplatforms:calsos_csdj-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CEBBF8B-706B-40B7-A00E-E1E824BD5E1D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Los productos de las series Calsos CSDX y CSDJ de NEC Platforms (CSDX 1.37210411 y anteriores, CSDX(P) 4.37210411 y anteriores, CSDX(D) 3.37210411 y anteriores, CSDX(S) 2.37210411 y anteriores, CSDJ-B 01.03.00 y anteriores, CSDJ-H 01. 03.00 y anteriores, CSDJ-D 01.03.00 y anteriores, CSDJ-A 03.00.00) permiten a los atacantes autenticados remotos omitir la restricci\u00f3n de acceso para realizar operaciones arbitrarias con privilegios administrativos a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2018-0613",
  "lastModified": "2024-11-21T03:38:35.587",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-26T17:29:00.503",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN63895206/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN63895206/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors. Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. * Access Restriction Bypass (CWE-284) - CVE-2018-0613 * Cross-site scripting (CWE-79) - CVE-2018-0614 NEC Platforms, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinated under the Information Security Early Warning Partnership.* An arbitrary operation with administrative privilege may be performed by an attacker who logged in with the user privilege - CVE-2018-0613 * An arbitrary script may be executed on a logged in user's web browser - CVE-2018-0614. A remote attacker could exploit the vulnerability to bypass access restrictions and perform arbitrary operations with administrative privileges

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-1190",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "calsos csdj-a",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "03.00.00"
      },
      {
        "model": "calsos csdx",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "1.37210411"
      },
      {
        "model": "calsos csdj-d",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "01.03.00"
      },
      {
        "model": "calsos csdj-h",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "01.03.00"
      },
      {
        "model": "calsos csdj-b",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "01.03.00"
      },
      {
        "model": "calsos csdx\\",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "2.37210411"
      },
      {
        "model": "calsos csdx\\",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "3.37210411"
      },
      {
        "model": "calsos csdx\\",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "necplatforms",
        "version": "4.37210411"
      },
      {
        "model": "csdj",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "-a 03.00.00"
      },
      {
        "model": "csdj",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "-b 01.03.00"
      },
      {
        "model": "csdj",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "-d 01.03.00"
      },
      {
        "model": "csdj",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "-h 01.03.00"
      },
      {
        "model": "csdx",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "(d) 3.37210411"
      },
      {
        "model": "csdx",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "(p) 4.37210411"
      },
      {
        "model": "csdx",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "(s) 2.37210411"
      },
      {
        "model": "csdx",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec platforms",
        "version": "1.37210411"
      },
      {
        "model": "platforms calsos csdx",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=1.37210411"
      },
      {
        "model": "platforms csdx",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=4.37210411"
      },
      {
        "model": "platforms csdx",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=3.37210411"
      },
      {
        "model": "platforms csdx",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=2.37210411"
      },
      {
        "model": "platforms csdj-b",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=01.03.00"
      },
      {
        "model": "platforms csdj-h",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=01.03.00"
      },
      {
        "model": "platforms csdj-d",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=01.03.00"
      },
      {
        "model": "platforms csdj-a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nec",
        "version": "03.00.00"
      },
      {
        "model": "calsos csdj-b",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "01.03.00"
      },
      {
        "model": "calsos csdj-a",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "03.00.00"
      },
      {
        "model": "calsos csdx\\",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "4.37210411"
      },
      {
        "model": "calsos csdj-h",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "01.03.00"
      },
      {
        "model": "calsos csdx\\",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "2.37210411"
      },
      {
        "model": "calsos csdx",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "1.37210411"
      },
      {
        "model": "calsos csdx\\",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "3.37210411"
      },
      {
        "model": "calsos csdj-d",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "necplatforms",
        "version": "01.03.00"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1900"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0613"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:necplatforms:nec_platforms_csdj",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:necplatforms:calsos_csdx_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      }
    ]
  },
  "cve": "CVE-2018-0613",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2018-0613",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000068",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000068",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2019-26780",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-118815",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-0613",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000068",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000068",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-0613",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2018-000068",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2018-000068",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-26780",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201807-1900",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118815",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118815"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1900"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0613"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors. Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. * Access Restriction Bypass (CWE-284) - CVE-2018-0613 * Cross-site scripting (CWE-79) - CVE-2018-0614 NEC Platforms, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinated under the Information Security Early Warning Partnership.* An arbitrary operation with administrative privilege may be performed by an attacker who logged in with the user privilege - CVE-2018-0613 * An arbitrary script may be executed on a logged in user\u0027s web browser - CVE-2018-0614. A remote attacker could exploit the vulnerability to bypass access restrictions and perform arbitrary operations with administrative privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0613"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118815"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0613",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVN63895206",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1900",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-26780",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-118815",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118815"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1900"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0613"
      }
    ]
  },
  "id": "VAR-201807-1190",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118815"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:38:45.010000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "NEC Platforms, Ltd. website ",
        "trust": 0.8,
        "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
      },
      {
        "title": "NEC Platforms Calsos CSDX and CSDJ Series Products Access Restricted Bypass Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/174499"
      },
      {
        "title": "NEC Platforms Calsos CSDX  and CSDJ Repair measures for series product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82645"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1900"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      },
      {
        "problemtype": "CWE-79",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118815"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0613"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://jvn.jp/en/jp/jvn63895206/index.html"
      },
      {
        "trust": 2.3,
        "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0613"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0614"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0614"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0613"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118815"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1900"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0613"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118815"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1900"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0613"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      },
      {
        "date": "2018-07-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118815"
      },
      {
        "date": "2018-07-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "date": "2018-07-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-1900"
      },
      {
        "date": "2018-07-26T17:29:00.503000",
        "db": "NVD",
        "id": "CVE-2018-0613"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-26780"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118815"
      },
      {
        "date": "2019-07-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-1900"
      },
      {
        "date": "2024-11-21T03:38:35.587000",
        "db": "NVD",
        "id": "CVE-2018-0613"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1900"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in Calsos CSDX and CSDJ series products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000068"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-1900"
      }
    ],
    "trust": 0.6
  }
}

ghsa-w8v2-8j35-xjpg

Vulnerability from github

Published

2022-05-13 01:48

Modified

2022-05-13 01:48

Severity ?

8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-0613"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-26T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier, CSDJ-A 03.00.00) allows remote authenticated attackers to bypass access restriction to conduct arbitrary operations with administrative privilege via unspecified vectors.",
  "id": "GHSA-w8v2-8j35-xjpg",
  "modified": "2022-05-13T01:48:19Z",
  "published": "2022-05-13T01:48:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0613"
    },
    {
      "type": "WEB",
      "url": "https://www.necplatforms.co.jp/product/enkaku/info180702.html"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN63895206/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2018-0613

Vulnerability from jvndb

Published

2018-07-02 15:22

Modified

2019-07-24 14:31

Severity ?

8.8 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in Calsos CSDX and CSDJ series products

Details

Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. * Access Restriction Bypass (CWE-284) - CVE-2018-0613 * Cross-site scripting (CWE-79) - CVE-2018-0614 NEC Platforms, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinated under the Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN63895206/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0613
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0614
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0613
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0614
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	NEC Platforms, Ltd.	CSDJ
	NEC Platforms, Ltd.	CSDJ
	NEC Platforms, Ltd.	CSDJ
	NEC Platforms, Ltd.	CSDJ
	NEC Platforms, Ltd.	CSDX
	NEC Platforms, Ltd.	CSDX
	NEC Platforms, Ltd.	CSDX
	NEC Platforms, Ltd.	CSDX

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000068.html",
  "dc:date": "2019-07-24T14:31+09:00",
  "dcterms:issued": "2018-07-02T15:22+09:00",
  "dcterms:modified": "2019-07-24T14:31+09:00",
  "description": "Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. \r\n\r\n* Access Restriction Bypass (CWE-284) - CVE-2018-0613\r\n* Cross-site scripting (CWE-79) - CVE-2018-0614\r\n\r\nNEC Platforms, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and NEC Platforms, Ltd. coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000068.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:necplatforms:nec_platforms_csdj",
      "@product": "CSDJ",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:necplatforms:nec_platforms_csdj",
      "@product": "CSDJ",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:necplatforms:nec_platforms_csdj",
      "@product": "CSDJ",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:necplatforms:nec_platforms_csdj",
      "@product": "CSDJ",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:necplatforms:calsos_csdx_firmware",
      "@product": "CSDX",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:necplatforms:calsos_csdx_firmware",
      "@product": "CSDX",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:necplatforms:calsos_csdx_firmware",
      "@product": "CSDX",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:necplatforms:calsos_csdx_firmware",
      "@product": "CSDX",
      "@vendor": "NEC Platforms, Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "6.5",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "8.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000068",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN63895206/index.html",
      "@id": "JVN#63895206",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0613",
      "@id": "CVE-2018-0613",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0614",
      "@id": "CVE-2018-0614",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0613",
      "@id": "CVE-2018-0613",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0614",
      "@id": "CVE-2018-0614",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple vulnerabilities in Calsos CSDX and CSDJ series products"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-0613 (GCVE-0-2018-0613)

Vulnerability from cvelistv5

gsd-2018-0613

Vulnerability from gsd

cnvd-2019-26780

Vulnerability from cnvd

fkie_cve-2018-0613

Vulnerability from fkie_nvd

var-201807-1190

Vulnerability from variot

ghsa-w8v2-8j35-xjpg

Vulnerability from github

cve-2018-0613

Vulnerability from jvndb

Tags

Sightings

Nomenclature