ID

VAR-201811-0094


CVE

CVE-2018-17934


TITLE

NUUO CMS Path traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012289

DESCRIPTION

In NUUO CMS, all versions 3.3 and prior, the application allows external input to construct a pathname that can be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code. NUUO CMS contains a path traversal vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). NUUO CMS is a central software management platform from NUUO. The platform is used to centrally manage NVR (DVR), IP cameras and other devices, and provides user management and alarm management. There are security vulnerabilities in NUUO CMS 3.3 and earlier.

Trust: 2.34

sources: NVD: CVE-2018-17934 // JVNDB: JVNDB-2018-012289 // CNVD: CNVD-2018-24250 // IVD: e30139d0-39ab-11e9-bb41-000c29342cb1

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e30139d0-39ab-11e9-bb41-000c29342cb1 // CNVD: CNVD-2018-24250

AFFECTED PRODUCTS

vendor: nuuo, model: cms, scope: lte, version: 3.3

Trust: 1.8

vendor: nuuo, model: cms, scope: lte, version: <=3.3

Trust: 0.6

vendor: nuuo, model: cms, scope: eq, version: 3.3

Trust: 0.6

vendor: nuuo cms, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: e30139d0-39ab-11e9-bb41-000c29342cb1 // CNVD: CNVD-2018-24250 // JVNDB: JVNDB-2018-012289 // CNNVD: CNNVD-201811-798 // NVD: CVE-2018-17934

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-17934
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-17934
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-24250
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201811-798
value: CRITICAL

Trust: 0.6

IVD: e30139d0-39ab-11e9-bb41-000c29342cb1
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2018-17934
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-24250
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e30139d0-39ab-11e9-bb41-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-17934
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e30139d0-39ab-11e9-bb41-000c29342cb1 // CNVD: CNVD-2018-24250 // JVNDB: JVNDB-2018-012289 // CNNVD: CNNVD-201811-798 // NVD: CVE-2018-17934

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2018-012289 // NVD: CVE-2018-17934

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 151260 // CNNVD: CNNVD-201811-798

TYPE

Path traversal

Trust: 0.8

sources: IVD: e30139d0-39ab-11e9-bb41-000c29342cb1 // CNNVD: CNNVD-201811-798

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012289

PATCH

title: Central Management System, url: https://www.nuuo.com/ProductNode.php?node=3

Trust: 0.8

sources: JVNDB: JVNDB-2018-012289

EXTERNAL IDS

db: NVD, id: CVE-2018-17934

Trust: 3.3

db: ICS CERT, id: ICSA-18-284-02

Trust: 2.4

db: CNVD, id: CNVD-2018-24250

Trust: 0.8

db: CNNVD, id: CNNVD-201811-798

Trust: 0.8

db: JVNDB, id: JVNDB-2018-012289

Trust: 0.8

db: IVD, id: E30139D0-39AB-11E9-BB41-000C29342CB1

Trust: 0.2

db: PACKETSTORM, id: 151260

Trust: 0.1

sources: IVD: e30139d0-39ab-11e9-bb41-000c29342cb1 // CNVD: CNVD-2018-24250 // JVNDB: JVNDB-2018-012289 // PACKETSTORM: 151260 // CNNVD: CNNVD-201811-798 // NVD: CVE-2018-17934

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-18-284-02

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2018-17934

Trust: 1.5

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17934

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-17888

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2018-17890

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2018-17892

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2018-17936

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2018-17894

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2018-18982

Trust: 0.1

sources: CNVD: CNVD-2018-24250 // JVNDB: JVNDB-2018-012289 // PACKETSTORM: 151260 // CNNVD: CNNVD-201811-798 // NVD: CVE-2018-17934

CREDITS

Pedro Ribeiro

Trust: 0.1

sources: PACKETSTORM: 151260

SOURCES

db: IVD, id: e30139d0-39ab-11e9-bb41-000c29342cb1
db: CNVD, id: CNVD-2018-24250
db: JVNDB, id: JVNDB-2018-012289
db: PACKETSTORM, id: 151260
db: CNNVD, id: CNNVD-201811-798
db: NVD, id: CVE-2018-17934

LAST UPDATE DATE

2024-11-23T22:30:12.986000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-24250, date: 2018-11-29T00:00:00
db: JVNDB, id: JVNDB-2018-012289, date: 2019-01-31T00:00:00
db: CNNVD, id: CNNVD-201811-798, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-17934, date: 2024-11-21T03:55:14.387

SOURCES RELEASE DATE

db: IVD, id: e30139d0-39ab-11e9-bb41-000c29342cb1, date: 2018-11-29T00:00:00
db: CNVD, id: CNVD-2018-24250, date: 2018-11-29T00:00:00
db: JVNDB, id: JVNDB-2018-012289, date: 2019-01-31T00:00:00
db: PACKETSTORM, id: 151260, date: 2019-01-21T23:02:22
db: CNNVD, id: CNNVD-201811-798, date: 2018-11-28T00:00:00
db: NVD, id: CVE-2018-17934, date: 2018-11-27T20:29:00.860