VAR-201809-0244

Vulnerability from variot - Updated: 2023-12-18 12:56

An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03. There is an authorization problem vulnerability in KONE KGC versions prior to 4.6.5. Attackers can exploit this vulnerability to bypass access restrictions and access FTP. These were discovered during a black box assessment and therefore the vulnerability list should not be considered exhaustive. Its purpose is to optimize the operation of a group of elevators, and it allows features such as destination calls and locking and unlocking floors. Group controller is not an essential component of an elevator control system and vulnerabilities in KGC do not affect the safety of the elevators connected to the group. More information at https://www.kone.com/en/vulnerability.aspx

Affected Software And Versions

  • KONE KGC version 4.6.4 and below

CVE

The following CVEs were assigned to the issues described in this report: CVE-2018-15483 CVE-2018-15484 CVE-2018-15485 CVE-2018-15486

Vulnerability Overview

  1. CVE-2018-15484: Unauthenticated Remote Code Execution
  2. CVE-2018-15486: Unauthenticated Local File Inclusion / Unauthenticated Local File modification
  3. CVE-2018-15483: Denial of Service

Vulnerability Details


CVE-2018-15484: Unauthenticated Remote Code Execution

By modifying the file autoexec.bat via the web interface using an unauthenticated local file modification method (see CVE-2018-15486), an attacker can inject arbitrary operating systems commands, which get executed at boot time. To trigger a reboot, an HTTP GET request to /reboot has to be made. This enables an attacker to compromise the integrity of all software running on the device.

This includes specific autoexec commands but also the full range of command.com (operating system) commands regarding to FreeDOS.

Injecting an interactive command, such as the help command, effectively prevents the KGC from booting up again and therefore causes a Denial of Service Attack (CVE-2018-15483).


CVE-2018-15486: Unauthenticated Local File Inclusion / Unauthenticated Local File modification


By modifying the name parameter of the file endpoint, any file the webserver has access to can be viewed.

GET /file?name=secret.txt HTTP/1.1 Host:

However, more importantly, by modifying the name parameter of the editfile endpoint, any file can be modified:

GET /editfile?name=secret.txt HTTP/1.1 Host:

After calling the endpoint above, the file to edit is presented in a textbox for modification. This way, attackers can choose from a wide range of attack scenarios, e.g., persisting backdoors in files such as KERNEL.SYS, enable access to floors, they wouldn't have access to in normal cases (KGC config files) or carry out DNS redirection- and Man-in-the-Middle attacks. The latter could be achieved by modifying the DNS parameter or the default gateway, respectively:

[ETHERNET] card=7 : DHCP on or off [0-1] : Attacker would switch to 0 dhcp=0 : Static IP address [IP] : Set a static IP ip= : Subnet mask [IP] mask= : Default gateway [IP] : Change gateway default_gateway= : DNS [IP] dns= : Host name [string] host_name=KGC_1

This way, an attacker could read and modify all the data transmitted over the wires.

A user that connects to that port is logged in as SuperUser, with needing a username or password (also blank usernames and passwords are accepted).

$ ftp -p Connected to . 220 KGC FTP Server ready Name (:username): 331 User name okay, need password. Password: 230 SuperUser logged in, proceed. Remote system type is WIN32.

This way all available data can be downloaded and new data can be uploaded to the KGC.


CVE-2018-15483: Denial of Service

There are several possible ways to cause a denial of service on the KGC. One of them is the possibility to reboot the system via the web interface. An attacker could reboot the system every time it boots back up to interrupt the service and cause a denial of service attack:

GET /reboot HTTP/1.1 Host:

Author

The vulnerabilities were discovered by Sebastian Neuner (@sebastian9er) from the Google Security Team.

Timeline

2018/05/10 - Security report sent to KONE security. 2018/05/11 - KONE acknowledges the report and starts working on the issues. 2018/05/25 - KONE requested grace period due to internal patch cycle. 2018/05/25 - Google granted grace period until patch available and being deployed. 2018/08/06 - Public disclosure on the bugtraq Mailing List

Show details on source website

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201809-0244",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "group controller",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "kone",
        "version": "4.6.5"
      },
      {
        "model": "group controller",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "kone",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010250"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15485"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-354"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:kone:group_controller_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.6.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:kone:group_controller:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-15485"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sebastian Neuner",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "149252"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2018-15485",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-15485",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-125749",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 9.1,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-15485",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-15485",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201809-354",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-125749",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-125749"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010250"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15485"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-354"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03. There is an authorization problem vulnerability in KONE KGC versions prior to 4.6.5. Attackers can exploit this vulnerability to bypass access restrictions and access FTP. \nThese were discovered during a black box assessment and therefore the\nvulnerability list should not be considered exhaustive. Its purpose is\nto optimize the operation of a group of elevators, and it allows\nfeatures such as destination calls and locking and unlocking floors. \nGroup controller is not an essential component of an elevator control\nsystem and vulnerabilities in KGC do not affect the safety of the\nelevators connected to the group. \nMore information at https://www.kone.com/en/vulnerability.aspx\n\n\nAffected Software And Versions\n==============================\n- KONE KGC version 4.6.4 and below\n\n\nCVE\n===\nThe following CVEs were assigned to the issues described in this report:\nCVE-2018-15483\nCVE-2018-15484\nCVE-2018-15485\nCVE-2018-15486\n\n\nVulnerability Overview\n======================\n 01. CVE-2018-15484: Unauthenticated Remote Code Execution\n 02. CVE-2018-15486: Unauthenticated Local File Inclusion /\nUnauthenticated Local File modification\n 03. CVE-2018-15483: Denial of Service\n\n\nVulnerability Details\n=====================\n\n\n---------------------------------------------\nCVE-2018-15484: Unauthenticated Remote Code Execution\n---------------------------------------------\n\nBy modifying the file autoexec.bat via the web interface using an\nunauthenticated local file modification method (see CVE-2018-15486),\nan attacker can inject arbitrary operating systems commands, which get\nexecuted at boot time. To trigger a reboot, an HTTP GET request to\n/reboot has to be made. This enables an attacker to compromise the\nintegrity of all software running on the device. \n\nThis includes specific autoexec commands but also the full range of\ncommand.com (operating system) commands regarding to FreeDOS. \n\nInjecting an interactive command, such as the help command,\neffectively prevents the KGC from booting up again and therefore\ncauses a Denial of Service Attack (CVE-2018-15483). \n\n\n--------------------------------------------------\nCVE-2018-15486: Unauthenticated Local File Inclusion / Unauthenticated\nLocal File modification\n--------------------------------------------------\n\nBy modifying the name parameter of the file endpoint, any file the\nwebserver has access to can be viewed. \n\nGET /file?name=secret.txt HTTP/1.1\nHost: \u003credacted\u003e\n\nHowever, more importantly, by modifying the name parameter of the\neditfile endpoint, any file can be modified:\n\nGET /editfile?name=secret.txt HTTP/1.1\nHost: \u003credacted\u003e\n\nAfter calling the endpoint above, the file to edit is presented in a\ntextbox for modification. \nThis way, attackers can choose from a wide range of attack scenarios,\ne.g., persisting backdoors in files such as KERNEL.SYS, enable access\nto floors, they wouldn\u0027t have access to in normal cases (KGC config\nfiles) or carry out DNS redirection- and Man-in-the-Middle attacks. \nThe latter could be achieved by modifying the DNS parameter or the\ndefault gateway, respectively:\n\n[ETHERNET]\ncard=7\n: DHCP on or off [0-1]\n: Attacker would switch to 0\ndhcp=0\n: Static IP address [IP]\n: Set a static IP\nip=\u003cstatic IP\u003e\n: Subnet mask [IP]\nmask=\u003cappropriate mask\u003e\n: Default gateway [IP]\n: Change gateway\ndefault_gateway=\u003cattacker controlled gateway\u003e\n: DNS [IP]\ndns=\u003cattacker controlled dns server\u003e\n: Host name [string]\nhost_name=KGC_1\n\nThis way, an attacker could read and modify all the data transmitted\nover the wires. \n\nA user that connects to that port is logged in as SuperUser, with\nneeding a username or password (also blank usernames and passwords are\naccepted). \n\n$ ftp -p \u003credacted-IP\u003e\nConnected to \u003credacted-IP\u003e. \n220 KGC FTP Server ready\nName (\u003credacted-IP\u003e:username): \u003cblank\u003e\n331 User name okay, need password. \nPassword: \u003cblank\u003e\n230 SuperUser logged in, proceed. \nRemote system type is WIN32. \n\nThis way all available data can be downloaded and new data can be\nuploaded to the KGC. \n\n\n---------------------------------------------\nCVE-2018-15483: Denial of Service\n---------------------------------------------\n\nThere are several possible ways to cause a denial of service on the KGC. \nOne of them is the possibility to reboot the system via the web\ninterface. An attacker could reboot the system every time it boots\nback up to interrupt the service and cause a denial of service attack:\n\nGET /reboot HTTP/1.1\nHost: \u003credacted\u003e\n\n\nAuthor\n======\nThe vulnerabilities were discovered by Sebastian Neuner\n(@sebastian9er) from the Google Security Team. \n\n\nTimeline\n========\n2018/05/10 - Security report sent to KONE security. \n2018/05/11 - KONE acknowledges the report and starts working on the issues. \n2018/05/25 - KONE requested grace period due to internal patch cycle. \n2018/05/25 - Google granted grace period until patch available and\nbeing deployed. \n2018/08/06 - Public disclosure on the bugtraq Mailing List",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-15485"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010250"
      },
      {
        "db": "VULHUB",
        "id": "VHN-125749"
      },
      {
        "db": "PACKETSTORM",
        "id": "149252"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-15485",
        "trust": 2.6
      },
      {
        "db": "PACKETSTORM",
        "id": "149252",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010250",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-354",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-125749",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-125749"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010250"
      },
      {
        "db": "PACKETSTORM",
        "id": "149252"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15485"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-354"
      }
    ]
  },
  "id": "VAR-201809-0244",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-125749"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:56:49.502000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Vulnerabilities in KONE Group Controller (KGC)",
        "trust": 0.8,
        "url": "https://www.kone.com/en/vulnerability.aspx"
      },
      {
        "title": "KONE Group Controller Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84668"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010250"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-354"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-125749"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010250"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15485"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.kone.com/en/vulnerability.aspx"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/149252/kone-kgc-4.6.4-dos-code-execution-lfi-bypass.html"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15485"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15485"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15486"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15483"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15484"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-125749"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010250"
      },
      {
        "db": "PACKETSTORM",
        "id": "149252"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15485"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-354"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-125749"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010250"
      },
      {
        "db": "PACKETSTORM",
        "id": "149252"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15485"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-354"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-09-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-125749"
      },
      {
        "date": "2018-12-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-010250"
      },
      {
        "date": "2018-09-06T14:15:46",
        "db": "PACKETSTORM",
        "id": "149252"
      },
      {
        "date": "2018-09-07T22:29:01.353000",
        "db": "NVD",
        "id": "CVE-2018-15485"
      },
      {
        "date": "2018-09-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-354"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-11-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-125749"
      },
      {
        "date": "2018-12-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-010250"
      },
      {
        "date": "2018-11-13T19:06:22.063000",
        "db": "NVD",
        "id": "CVE-2018-15485"
      },
      {
        "date": "2020-07-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201809-354"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-354"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "KONE Group Controller Authentication vulnerabilities in devices",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-010250"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201809-354"
      }
    ],
    "trust": 0.6
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…