var-201805-0942
Vulnerability from variot
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms. 1. An authentication bypass vulnerability 2. A security-bypass vulnerability Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Acoustic HPSS16 and so on are the emergency reporting systems of Acoustic Technology Company in the United States. An authorization issue vulnerability exists in several Acoustic products. The following products are affected: Acoustic HPSS16; HPSS32; MHPSS; ALERT4000
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0942",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hpss32",
"scope": "eq",
"trust": 1.6,
"vendor": "atisystem",
"version": null
},
{
"model": "hpss16",
"scope": "eq",
"trust": 1.6,
"vendor": "atisystem",
"version": null
},
{
"model": "alert4000",
"scope": "eq",
"trust": 1.6,
"vendor": "atisystem",
"version": null
},
{
"model": "mhpss",
"scope": "eq",
"trust": 1.6,
"vendor": "atisystem",
"version": null
},
{
"model": "alert4000",
"scope": null,
"trust": 0.8,
"vendor": "ati",
"version": null
},
{
"model": "hpss16",
"scope": null,
"trust": 0.8,
"vendor": "ati",
"version": null
},
{
"model": "hpss32",
"scope": null,
"trust": 0.8,
"vendor": "ati",
"version": null
},
{
"model": "mhpss",
"scope": null,
"trust": 0.8,
"vendor": "ati",
"version": null
},
{
"model": "systems hpss16",
"scope": null,
"trust": 0.6,
"vendor": "ati",
"version": null
},
{
"model": "systems hpss32",
"scope": null,
"trust": 0.6,
"vendor": "ati",
"version": null
},
{
"model": "systems mhpss",
"scope": null,
"trust": 0.6,
"vendor": "ati",
"version": null
},
{
"model": "systems alert4000",
"scope": null,
"trust": 0.6,
"vendor": "ati",
"version": null
},
{
"model": "systems mhpss",
"scope": "eq",
"trust": 0.3,
"vendor": "ati",
"version": "0"
},
{
"model": "systems hpss32",
"scope": "eq",
"trust": 0.3,
"vendor": "ati",
"version": "0"
},
{
"model": "systems hpss16",
"scope": "eq",
"trust": 0.3,
"vendor": "ati",
"version": "0"
},
{
"model": "systems alert4000",
"scope": "eq",
"trust": 0.3,
"vendor": "ati",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "hpss16",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "hpss32",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mhpss",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "alert4000",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2ebdd11-39ab-11e9-9ad3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07874"
},
{
"db": "BID",
"id": "103721"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005361"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-873"
},
{
"db": "NVD",
"id": "CVE-2018-8862"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:atisystem:alert4000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:atisystem:hpss16_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:atisystem:hpss32_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:atisystem:mhpss_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005361"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Balint Seeber of Bastille",
"sources": [
{
"db": "BID",
"id": "103721"
}
],
"trust": 0.3
},
"cve": "CVE-2018-8862",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "CVE-2018-8862",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-07874",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.2,
"id": "e2ebdd11-39ab-11e9-9ad3-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:N/I:C/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "VHN-138894",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.6,
"id": "CVE-2018-8862",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-8862",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2018-8862",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2018-07874",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-873",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "e2ebdd11-39ab-11e9-9ad3-000c29342cb1",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-138894",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2ebdd11-39ab-11e9-9ad3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07874"
},
{
"db": "VULHUB",
"id": "VHN-138894"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005361"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-873"
},
{
"db": "NVD",
"id": "CVE-2018-8862"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms. \n1. An authentication bypass vulnerability\n2. A security-bypass vulnerability\nAttackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. Acoustic HPSS16 and so on are the emergency reporting systems of Acoustic Technology Company in the United States. An authorization issue vulnerability exists in several Acoustic products. The following products are affected: Acoustic HPSS16; HPSS32; MHPSS; ALERT4000",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8862"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005361"
},
{
"db": "CNVD",
"id": "CNVD-2018-07874"
},
{
"db": "BID",
"id": "103721"
},
{
"db": "IVD",
"id": "e2ebdd11-39ab-11e9-9ad3-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-138894"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8862",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-100-01",
"trust": 3.4
},
{
"db": "BID",
"id": "103721",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2018-07874",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-873",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005361",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2EBDD11-39AB-11E9-9AD3-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-138894",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2ebdd11-39ab-11e9-9ad3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07874"
},
{
"db": "VULHUB",
"id": "VHN-138894"
},
{
"db": "BID",
"id": "103721"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005361"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-873"
},
{
"db": "NVD",
"id": "CVE-2018-8862"
}
]
},
"id": "VAR-201805-0942",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2ebdd11-39ab-11e9-9ad3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07874"
},
{
"db": "VULHUB",
"id": "VHN-138894"
}
],
"trust": 1.775
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2ebdd11-39ab-11e9-9ad3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07874"
}
]
},
"last_update_date": "2024-11-23T21:38:56.963000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Mass Notification Products",
"trust": 0.8,
"url": "https://www.atisystem.com/products/"
},
{
"title": "Patch for ATI Systems Emergency Mass Notification Systems False Alert Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/126157"
},
{
"title": "Multiple Acoustic Product Authorization Issue Vulnerability Fixing Measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83716"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07874"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005361"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-873"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138894"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005361"
},
{
"db": "NVD",
"id": "CVE-2018-8862"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-100-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/103721"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8862"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8862"
},
{
"trust": 0.3,
"url": "https://www.atisystem.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07874"
},
{
"db": "VULHUB",
"id": "VHN-138894"
},
{
"db": "BID",
"id": "103721"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005361"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-873"
},
{
"db": "NVD",
"id": "CVE-2018-8862"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2ebdd11-39ab-11e9-9ad3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07874"
},
{
"db": "VULHUB",
"id": "VHN-138894"
},
{
"db": "BID",
"id": "103721"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005361"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-873"
},
{
"db": "NVD",
"id": "CVE-2018-8862"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-19T00:00:00",
"db": "IVD",
"id": "e2ebdd11-39ab-11e9-9ad3-000c29342cb1"
},
{
"date": "2018-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07874"
},
{
"date": "2018-05-25T00:00:00",
"db": "VULHUB",
"id": "VHN-138894"
},
{
"date": "2018-04-10T00:00:00",
"db": "BID",
"id": "103721"
},
{
"date": "2018-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005361"
},
{
"date": "2018-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-873"
},
{
"date": "2018-05-25T16:29:00.277000",
"db": "NVD",
"id": "CVE-2018-8862"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07874"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138894"
},
{
"date": "2018-04-10T00:00:00",
"db": "BID",
"id": "103721"
},
{
"date": "2018-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005361"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-873"
},
{
"date": "2024-11-21T04:14:28.583000",
"db": "NVD",
"id": "CVE-2018-8862"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-873"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ATI Systems Emergency Mass Notification Systems False Alert Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2ebdd11-39ab-11e9-9ad3-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07874"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-873"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.