Details of VAR-201801-1348

ID

VAR-201801-1348

CVE

CVE-2018-5777

TITLE

Ipswitch WhatsUp Gold Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-001597

DESCRIPTION

An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 (17.1.1). Remote clients can take advantage of a misconfiguration in the TFTP server that could allow attackers to execute arbitrary commands on the TFTP server via unspecified vectors. Ipswitch WhatsUp Gold Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Ipswitch WhatsUp Gold is a set of unified infrastructure and application monitoring software from Ipswitch in the United States. The software supports the performance management of networks, servers, virtual environments and applications. There is a security vulnerability in Ipswitch WhatsUp Gold 2017 Plus SP1 (17.1.1) and earlier versions, the vulnerability is caused by a misconfiguration of the TFTP server

Trust: 1.71

sources: NVD: CVE-2018-5777 // JVNDB: JVNDB-2018-001597 // VULHUB: VHN-135809

AFFECTED PRODUCTS

vendor:	progress	model:	whatsup gold	scope:	lt	version:	17.1.1	Trust: 1.0
vendor:	ipswitch	model:	whatsup gold	scope:	lt	version:	2017 plus sp1 (17.1.1)	Trust: 0.8
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	7.0	Trust: 0.6
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	8.03	Trust: 0.6
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	15.02	Trust: 0.6
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	8.01	Trust: 0.6
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	16.3	Trust: 0.6
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	7.03	Trust: 0.6
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	7.04	Trust: 0.6
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	8.0	Trust: 0.6
vendor:	ipswitch	model:	whatsup gold	scope:	eq	version:	11	Trust: 0.6

sources: JVNDB: JVNDB-2018-001597 // CNNVD: CNNVD-201801-915 // NVD: CVE-2018-5777

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-5777
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-5777
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201801-915
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-135809
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-5777
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-135809
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-5777
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-135809 // JVNDB: JVNDB-2018-001597 // CNNVD: CNNVD-201801-915 // NVD: CVE-2018-5777

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-135809 // JVNDB: JVNDB-2018-001597 // NVD: CVE-2018-5777

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-915

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201801-915

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001597

PATCH

title:	Release Notes for Ipswitch WhatsUp Gold	url:	https://docs.ipswitch.com/NM/WhatsUpGold2017Plus/01_ReleaseNotes/17PlusSP1/#link4	Trust: 0.8
title:	Ipswitch WhatsUp Gold Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78052	Trust: 0.6

sources: JVNDB: JVNDB-2018-001597 // CNNVD: CNNVD-201801-915

EXTERNAL IDS

db:	NVD	id:	CVE-2018-5777	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-001597	Trust: 0.8
db:	CNNVD	id:	CNNVD-201801-915	Trust: 0.7
db:	VULHUB	id:	VHN-135809	Trust: 0.1

sources: VULHUB: VHN-135809 // JVNDB: JVNDB-2018-001597 // CNNVD: CNNVD-201801-915 // NVD: CVE-2018-5777

REFERENCES

url:	https://docs.ipswitch.com/nm/whatsupgold2017plus/01_releasenotes/17plussp1/#link4	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5777	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5777	Trust: 0.8

sources: VULHUB: VHN-135809 // JVNDB: JVNDB-2018-001597 // CNNVD: CNNVD-201801-915 // NVD: CVE-2018-5777

SOURCES

db:	VULHUB	id:	VHN-135809
db:	JVNDB	id:	JVNDB-2018-001597
db:	CNNVD	id:	CNNVD-201801-915
db:	NVD	id:	CVE-2018-5777

LAST UPDATE DATE

2024-11-23T22:59:07.288000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-135809	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-001597	date:	2018-02-26T00:00:00
db:	CNNVD	id:	CNNVD-201801-915	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-5777	date:	2024-11-21T04:09:22.390

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-135809	date:	2018-01-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-001597	date:	2018-02-26T00:00:00
db:	CNNVD	id:	CNNVD-201801-915	date:	2018-01-25T00:00:00
db:	NVD	id:	CVE-2018-5777	date:	2018-01-24T15:29:01.277