ID

VAR-201805-0942


CVE

CVE-2018-8862


TITLE

ATI Systems Emergency Mass Notification Systems False Alert Vulnerability

Trust: 0.8

sources: IVD: e2ebdd11-39ab-11e9-9ad3-000c29342cb1 // CNVD: CNVD-2018-07874

DESCRIPTION

In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.

1. An authentication bypass vulnerability
2. A security-bypass vulnerability

Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.

Acoustic HPSS16 and others are emergency reporting systems of Acoustic Technology Company in the United States. An authorization issue vulnerability exists in several Acoustic products. The following products are affected: Acoustic HPSS16; HPSS32; MHPSS; ALERT4000.

Trust: 2.7

sources: NVD: CVE-2018-8862 // JVNDB: JVNDB-2018-005361 // CNVD: CNVD-2018-07874 // BID: 103721 // IVD: e2ebdd11-39ab-11e9-9ad3-000c29342cb1 // VULHUB: VHN-138894

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e2ebdd11-39ab-11e9-9ad3-000c29342cb1 // CNVD: CNVD-2018-07874

AFFECTED PRODUCTS

vendor: atisystem, model: hpss32, scope: eq, version: -

Trust: 1.6

vendor: atisystem, model: hpss16, scope: eq, version: -

Trust: 1.6

vendor: atisystem, model: alert4000, scope: eq, version: -

Trust: 1.6

vendor: atisystem, model: mhpss, scope: eq, version: -

Trust: 1.6

vendor: ati, model: alert4000, scope: -, version: -

Trust: 0.8

vendor: ati, model: hpss16, scope: -, version: -

Trust: 0.8

vendor: ati, model: hpss32, scope: -, version: -

Trust: 0.8

vendor: ati, model: mhpss, scope: -, version: -

Trust: 0.8

vendor: ati, model: systems hpss16, scope: -, version: -

Trust: 0.6

vendor: ati, model: systems hpss32, scope: -, version: -

Trust: 0.6

vendor: ati, model: systems mhpss, scope: -, version: -

Trust: 0.6

vendor: ati, model: systems alert4000, scope: -, version: -

Trust: 0.6

vendor: ati, model: systems mhpss, scope: eq, version: 0

Trust: 0.3

vendor: ati, model: systems hpss32, scope: eq, version: 0

Trust: 0.3

vendor: ati, model: systems hpss16, scope: eq, version: 0

Trust: 0.3

vendor: ati, model: systems alert4000, scope: eq, version: 0

Trust: 0.3

vendor: hpss16, model: -, scope: eq, version: -

Trust: 0.2

vendor: hpss32, model: -, scope: eq, version: -

Trust: 0.2

vendor: mhpss, model: -, scope: eq, version: -

Trust: 0.2

vendor: alert4000, model: -, scope: eq, version: -

Trust: 0.2

sources: IVD: e2ebdd11-39ab-11e9-9ad3-000c29342cb1 // CNVD: CNVD-2018-07874 // BID: 103721 // JVNDB: JVNDB-2018-005361 // CNNVD: CNNVD-201805-873 // NVD: CVE-2018-8862

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-8862
value: LOW

Trust: 1.0

NVD: CVE-2018-8862
value: LOW

Trust: 0.8

CNVD: CNVD-2018-07874
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201805-873
value: LOW

Trust: 0.6

IVD: e2ebdd11-39ab-11e9-9ad3-000c29342cb1
value: LOW

Trust: 0.2

VULHUB: VHN-138894
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-8862
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-07874
severity: MEDIUM
baseScore: 4.6
vectorString: AV:A/AC:H/AU:N/C:N/I:C/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.2
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2ebdd11-39ab-11e9-9ad3-000c29342cb1
severity: MEDIUM
baseScore: 4.6
vectorString: AV:A/AC:H/AU:N/C:N/I:C/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.2
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-138894
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-8862
baseSeverity: LOW
baseScore: 3.1
vectorString: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: IVD: e2ebdd11-39ab-11e9-9ad3-000c29342cb1 // CNVD: CNVD-2018-07874 // VULHUB: VHN-138894 // JVNDB: JVNDB-2018-005361 // CNNVD: CNNVD-201805-873 // NVD: CVE-2018-8862

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-138894 // JVNDB: JVNDB-2018-005361 // NVD: CVE-2018-8862

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201805-873

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201805-873

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005361

PATCH

title: Mass Notification Products, url: https://www.atisystem.com/products/

Trust: 0.8

title: Patch for ATI Systems Emergency Mass Notification Systems False Alert Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/126157

Trust: 0.6

title: Multiple Acoustic Product Authorization Issue Vulnerability Fixing Measures, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83716

Trust: 0.6

sources: CNVD: CNVD-2018-07874 // JVNDB: JVNDB-2018-005361 // CNNVD: CNNVD-201805-873

EXTERNAL IDS

db: NVD, id: CVE-2018-8862

Trust: 3.6

db: ICS CERT, id: ICSA-18-100-01

Trust: 3.4

db: BID, id: 103721

Trust: 2.0

db: CNVD, id: CNVD-2018-07874

Trust: 0.8

db: CNNVD, id: CNNVD-201805-873

Trust: 0.8

db: JVNDB, id: JVNDB-2018-005361

Trust: 0.8

db: IVD, id: E2EBDD11-39AB-11E9-9AD3-000C29342CB1

Trust: 0.2

db: VULHUB, id: VHN-138894

Trust: 0.1

sources: IVD: e2ebdd11-39ab-11e9-9ad3-000c29342cb1 // CNVD: CNVD-2018-07874 // VULHUB: VHN-138894 // BID: 103721 // JVNDB: JVNDB-2018-005361 // CNNVD: CNNVD-201805-873 // NVD: CVE-2018-8862

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-100-01

Trust: 3.4

url:http://www.securityfocus.com/bid/103721

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8862

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-8862

Trust: 0.8

url:https://www.atisystem.com/

Trust: 0.3

sources: CNVD: CNVD-2018-07874 // VULHUB: VHN-138894 // BID: 103721 // JVNDB: JVNDB-2018-005361 // CNNVD: CNNVD-201805-873 // NVD: CVE-2018-8862

CREDITS

Balint Seeber of Bastille

Trust: 0.3

sources: BID: 103721

SOURCES

db: IVD, id: e2ebdd11-39ab-11e9-9ad3-000c29342cb1
db: CNVD, id: CNVD-2018-07874
db: VULHUB, id: VHN-138894
db: BID, id: 103721
db: JVNDB, id: JVNDB-2018-005361
db: CNNVD, id: CNNVD-201805-873
db: NVD, id: CVE-2018-8862

LAST UPDATE DATE

2024-11-23T21:38:56.963000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-07874, date: 2018-04-19T00:00:00
db: VULHUB, id: VHN-138894, date: 2019-10-09T00:00:00
db: BID, id: 103721, date: 2018-04-10T00:00:00
db: JVNDB, id: JVNDB-2018-005361, date: 2018-07-13T00:00:00
db: CNNVD, id: CNNVD-201805-873, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-8862, date: 2024-11-21T04:14:28.583

SOURCES RELEASE DATE

db: IVD, id: e2ebdd11-39ab-11e9-9ad3-000c29342cb1, date: 2018-04-19T00:00:00
db: CNVD, id: CNVD-2018-07874, date: 2018-04-19T00:00:00
db: VULHUB, id: VHN-138894, date: 2018-05-25T00:00:00
db: BID, id: 103721, date: 2018-04-10T00:00:00
db: JVNDB, id: JVNDB-2018-005361, date: 2018-07-13T00:00:00
db: CNNVD, id: CNNVD-201805-873, date: 2018-05-25T00:00:00
db: NVD, id: CVE-2018-8862, date: 2018-05-25T16:29:00.277