Sign-up

ID

VAR-201810-0496


CVE

CVE-2018-17917


TITLE

Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-011248

DESCRIPTION

All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps. focuses on security monitoring and video intelligence research and development. Multiple security weaknesses 2. Security bypass vulnerability Successfully exploiting these issues allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, bypass the authentication mechanism and gain unauthorized access. This may aid in launching further attacks

Trust: 2.61

sources: NVD: CVE-2018-17917 // JVNDB: JVNDB-2018-011248 // CNVD: CNVD-2018-20454 // BID: 105722 // IVD: e2fcf412-39ab-11e9-a6e8-000c29342cb1

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2fcf412-39ab-11e9-a6e8-000c29342cb1 // CNVD: CNVD-2018-20454

AFFECTED PRODUCTS

vendor:xiongmaitechmodel:xmeye p2p cloud serverscope:eqversion:*

Trust: 1.0

vendor:xiongmaimodel:xmeye p2p cloud serverscope: - version: -

Trust: 0.8

vendor:xiongmai informationmodel:ip camerasscope: - version: -

Trust: 0.6

vendor:xiongmai informationmodel:nvrs and dvrs incl. 3rd party oem devicesscope: - version: -

Trust: 0.6

vendor:xiongmaitechmodel:xmeye p2p cloud serverscope: - version: -

Trust: 0.6

vendor: - model:xiongmai technology xmeye p2p cloud serverscope:eqversion:0

Trust: 0.3

vendor:xmeye p2p cloud servermodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2fcf412-39ab-11e9-a6e8-000c29342cb1 // CNVD: CNVD-2018-20454 // BID: 105722 // JVNDB: JVNDB-2018-011248 // CNNVD: CNNVD-201810-499 // NVD: CVE-2018-17917

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-17917
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-17917
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-20454
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201810-499
value: MEDIUM

Trust: 0.6

IVD: e2fcf412-39ab-11e9-a6e8-000c29342cb1
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2018-17917
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-20454
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2fcf412-39ab-11e9-a6e8-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-17917
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: IVD: e2fcf412-39ab-11e9-a6e8-000c29342cb1 // CNVD: CNVD-2018-20454 // JVNDB: JVNDB-2018-011248 // CNNVD: CNNVD-201810-499 // NVD: CVE-2018-17917

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

problemtype:CWE-341

Trust: 1.0

sources: JVNDB: JVNDB-2018-011248 // NVD: CVE-2018-17917

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-499

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201810-499

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011248

PATCH
title:Top Pageurl:http://www.xiongmaitech.com/en/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-011248

EXTERNAL IDS
db:NVDid:CVE-2018-17917
Trust: 3.5
db:ICS CERTid:ICSA-18-282-06
Trust: 2.7
db:CNVDid:CNVD-2018-20454
Trust: 0.8
db:CNNVDid:CNNVD-201810-499
Trust: 0.8
db:JVNDBid:JVNDB-2018-011248
Trust: 0.8
db:BIDid:105722
Trust: 0.3
db:IVDid:E2FCF412-39AB-11E9-A6E8-000C29342CB1
Trust: 0.2
sources:
            
            
            IVD: e2fcf412-39ab-11e9-a6e8-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-20454 // 
            
            
            
            BID: 105722 // 
            
            
            
            JVNDB: JVNDB-2018-011248 // 
            
            
            
            CNNVD: CNNVD-201810-499 // 
            
            
            
            NVD: CVE-2018-17917

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-282-06
Trust: 2.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17917
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-17917
Trust: 0.8
url:https://seclists.org/fulldisclosure/2018/oct/22
Trust: 0.6
url:https://www.xmeye.net/index
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-20454 // 
            
            
            
            BID: 105722 // 
            
            
            
            JVNDB: JVNDB-2018-011248 // 
            
            
            
            CNNVD: CNNVD-201810-499 // 
            
            
            
            NVD: CVE-2018-17917

CREDITS
Stefan Viehböck on behalf of SEC Consult Vulnerability Lab
Trust: 0.3
sources:
            
            
            BID: 105722

SOURCES
db:IVDid:e2fcf412-39ab-11e9-a6e8-000c29342cb1
db:CNVDid:CNVD-2018-20454
db:BIDid:105722
db:JVNDBid:JVNDB-2018-011248
db:CNNVDid:CNNVD-201810-499
db:NVDid:CVE-2018-17917

LAST UPDATE DATE
2024-11-23T22:12:19.187000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-20454date:2018-10-10T00:00:00
db:BIDid:105722date:2018-10-09T00:00:00
db:JVNDBid:JVNDB-2018-011248date:2019-01-09T00:00:00
db:CNNVDid:CNNVD-201810-499date:2019-10-17T00:00:00
db:NVDid:CVE-2018-17917date:2024-11-21T03:55:12.310

SOURCES RELEASE DATE
db:IVDid:e2fcf412-39ab-11e9-a6e8-000c29342cb1date:2018-10-10T00:00:00
db:CNVDid:CNVD-2018-20454date:2018-10-10T00:00:00
db:BIDid:105722date:2018-10-09T00:00:00
db:JVNDBid:JVNDB-2018-011248date:2019-01-09T00:00:00
db:CNNVDid:CNNVD-201810-499date:2018-10-11T00:00:00
db:NVDid:CVE-2018-17917date:2018-10-10T15:29:00.363