Sign-up

ID

VAR-201803-1883


CVE

CVE-2018-9148


TITLE

Western Digital WD My Cloud Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003467

DESCRIPTION

Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authentication bypass within a product that uses My Cloud. Western Digital WD My Cloud Contains an authentication vulnerability. This vulnerability CVE-2018-7171 And related issues.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2018-9148 // JVNDB: JVNDB-2018-003467 // VULHUB: VHN-139180

AFFECTED PRODUCTS

vendor:westerndigitalmodel:my cloudscope:eqversion:04.05.00-320

Trust: 1.0

vendor:western digitalmodel:my cloudscope:eqversion:04.05.00-320

Trust: 0.8

vendor:wdcmodel:my cloudscope:eqversion:04.05.00-320

Trust: 0.6

sources: JVNDB: JVNDB-2018-003467 // CNNVD: CNNVD-201804-042 // NVD: CVE-2018-9148

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-9148
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-9148
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201804-042
value: CRITICAL

Trust: 0.6

VULHUB: VHN-139180
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-9148
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-139180
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-9148
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-139180 // JVNDB: JVNDB-2018-003467 // CNNVD: CNNVD-201804-042 // NVD: CVE-2018-9148

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-139180 // JVNDB: JVNDB-2018-003467 // NVD: CVE-2018-9148

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-042

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201804-042

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003467

PATCH
title:My Cloudurl:https://support.wdc.com/product.aspx?ID=904&lang=jp
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-003467

EXTERNAL IDS
db:NVDid:CVE-2018-9148
Trust: 2.5
db:EXPLOIT-DBid:44350
Trust: 2.5
db:JVNDBid:JVNDB-2018-003467
Trust: 0.8
db:CNNVDid:CNNVD-201804-042
Trust: 0.7
db:VULHUBid:VHN-139180
Trust: 0.1
sources:
            
            
            VULHUB: VHN-139180 // 
            
            
            
            JVNDB: JVNDB-2018-003467 // 
            
            
            
            CNNVD: CNNVD-201804-042 // 
            
            
            
            NVD: CVE-2018-9148

REFERENCES
url:https://exploit-db.com/exploits/44350/
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9148
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-9148
Trust: 0.8
url:https://www.exploit-db.com/exploits/44350/
Trust: 0.8
sources:
            
            
            VULHUB: VHN-139180 // 
            
            
            
            JVNDB: JVNDB-2018-003467 // 
            
            
            
            CNNVD: CNNVD-201804-042 // 
            
            
            
            NVD: CVE-2018-9148

SOURCES
db:VULHUBid:VHN-139180
db:JVNDBid:JVNDB-2018-003467
db:CNNVDid:CNNVD-201804-042
db:NVDid:CVE-2018-9148

LAST UPDATE DATE
2024-11-23T22:12:37.981000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-139180date:2019-05-28T00:00:00
db:JVNDBid:JVNDB-2018-003467date:2018-05-24T00:00:00
db:CNNVDid:CNNVD-201804-042date:2019-05-29T00:00:00
db:NVDid:CVE-2018-9148date:2024-11-21T04:15:04.677

SOURCES RELEASE DATE
db:VULHUBid:VHN-139180date:2018-03-30T00:00:00
db:JVNDBid:JVNDB-2018-003467date:2018-05-24T00:00:00
db:CNNVDid:CNNVD-201804-042date:2018-03-30T00:00:00
db:NVDid:CVE-2018-9148date:2018-03-30T19:29:00.397