Sign-up

ID

VAR-201809-0900


CVE

CVE-2018-14327


TITLE

EE EE40VB 4G Vulnerabilities related to authorization, authority, and access control in mobile broadband modems

Trust: 0.8

sources: JVNDB: JVNDB-2018-013248

DESCRIPTION

The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory. EE EE40VB 4G Mobile broadband modems contain vulnerabilities related to authorization, authority, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The 4GEEWiFiMini is a portable wireless router. A local elevation of privilege vulnerability exists in versions prior to 4GEEWiFiMiniEE40_00_02.00_45, which can be exploited by local attackers to gain elevated system privileges. EE 4GEE WiFi Mini is prone to a local privilege-escalation vulnerability. Versions prior to 4GEE WiFi Mini EE40_00_02.00_45 are vulnerable

Trust: 2.52

sources: NVD: CVE-2018-14327 // JVNDB: JVNDB-2018-013248 // CNVD: CNVD-2018-20089 // BID: 105385 // VULMON: CVE-2018-14327

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-20089

AFFECTED PRODUCTS

vendor:eemodel:ee40vbscope:ltversion:ee40_00_02.00_45

Trust: 1.0

vendor:eemodel:4gee wifiscope:ltversion:ee40_00_02.00_45

Trust: 0.8

vendor:eemodel:4gee wifi mini <ee40 00 02.00 45scope: - version: -

Trust: 0.6

vendor:eemodel:4gee wifi miniscope:eqversion:0

Trust: 0.3

vendor:eemodel:4gee wifi mini ee40 00 02.00 45scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2018-20089 // BID: 105385 // JVNDB: JVNDB-2018-013248 // NVD: CVE-2018-14327

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14327
value: HIGH

Trust: 1.0

NVD: CVE-2018-14327
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-20089
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201809-1116
value: HIGH

Trust: 0.6

VULMON: CVE-2018-14327
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-14327
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-20089
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-14327
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-20089 // VULMON: CVE-2018-14327 // JVNDB: JVNDB-2018-013248 // CNNVD: CNNVD-201809-1116 // NVD: CVE-2018-14327

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2018-013248 // NVD: CVE-2018-14327

THREAT TYPE

local

Trust: 0.9

sources: BID: 105385 // CNNVD: CNNVD-201809-1116

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201809-1116

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013248

EXPLOIT AVAILABILITY
sources:
            
            
            VULMON: CVE-2018-14327

PATCH
title:Top Pageurl:https://ee.co.uk/
Trust: 0.8
title:4GEEWiFiMini local privilege escalation vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/141225
Trust: 0.6
title:4GEE WiFi Mini Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85164
Trust: 0.6
title:Exp101tsArchiv30thersurl:https://github.com/nu11secur1ty/Exp101tsArchiv30thers 
Trust: 0.1
title: - url:https://github.com/lnick2023/nicenice 
Trust: 0.1
title:awesome-cve-poc_qazbnm456url:https://github.com/xbl3/awesome-cve-poc_qazbnm456 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-20089 // 
            
            
            
            VULMON: CVE-2018-14327 // 
            
            
            
            JVNDB: JVNDB-2018-013248 // 
            
            
            
            CNNVD: CNNVD-201809-1116

EXTERNAL IDS
db:NVDid:CVE-2018-14327
Trust: 3.4
db:PACKETSTORMid:149492
Trust: 2.3
db:BIDid:105385
Trust: 2.0
db:EXPLOIT-DBid:45501
Trust: 1.7
db:JVNDBid:JVNDB-2018-013248
Trust: 0.8
db:CNVDid:CNVD-2018-20089
Trust: 0.6
db:CNNVDid:CNNVD-201809-1116
Trust: 0.6
db:VULMONid:CVE-2018-14327
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-20089 // 
            
            
            
            VULMON: CVE-2018-14327 // 
            
            
            
            BID: 105385 // 
            
            
            
            JVNDB: JVNDB-2018-013248 // 
            
            
            
            CNNVD: CNNVD-201809-1116 // 
            
            
            
            NVD: CVE-2018-14327

REFERENCES
url:https://osandamalith.com/2018/09/17/ee-4gee-mini-local-privilege-escalation-vulnerability-cve-2018-14327/
Trust: 2.8
url:http://packetstormsecurity.com/files/149492/ee-4gee-mini-local-privilege-escalation.html
Trust: 2.3
url:http://blog.zerodaylab.com/2018/09/zerodaylab-discovers-ee-unquoted.html
Trust: 2.0
url:http://www.securityfocus.com/bid/105385
Trust: 1.8
url:https://www.exploit-db.com/exploits/45501/
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14327
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-14327
Trust: 0.8
url:https://ee.co.uk/help/phones-and-device/ee/4gee-wifi
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/732.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-20089 // 
            
            
            
            VULMON: CVE-2018-14327 // 
            
            
            
            BID: 105385 // 
            
            
            
            JVNDB: JVNDB-2018-013248 // 
            
            
            
            CNNVD: CNNVD-201809-1116 // 
            
            
            
            NVD: CVE-2018-14327

CREDITS
Osanda Malith Jayathissa
Trust: 0.3
sources:
            
            
            BID: 105385

SOURCES
db:CNVDid:CNVD-2018-20089
db:VULMONid:CVE-2018-14327
db:BIDid:105385
db:JVNDBid:JVNDB-2018-013248
db:CNNVDid:CNNVD-201809-1116
db:NVDid:CVE-2018-14327

LAST UPDATE DATE
2024-11-23T22:00:18.087000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-20089date:2018-09-29T00:00:00
db:VULMONid:CVE-2018-14327date:2019-10-03T00:00:00
db:BIDid:105385date:2018-09-17T00:00:00
db:JVNDBid:JVNDB-2018-013248date:2019-02-18T00:00:00
db:CNNVDid:CNNVD-201809-1116date:2019-10-23T00:00:00
db:NVDid:CVE-2018-14327date:2024-11-21T03:48:49.520

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-20089date:2018-09-28T00:00:00
db:VULMONid:CVE-2018-14327date:2018-09-26T00:00:00
db:BIDid:105385date:2018-09-17T00:00:00
db:JVNDBid:JVNDB-2018-013248date:2019-02-18T00:00:00
db:CNNVDid:CNNVD-201809-1116date:2018-09-26T00:00:00
db:NVDid:CVE-2018-14327date:2018-09-26T22:29:00.310