ID

VAR-201811-0095


CVE

CVE-2018-17936


TITLE

NUUO CMS vulnerable to unrestricted upload of files with dangerous types

Trust: 0.8

sources: JVNDB: JVNDB-2018-012290

DESCRIPTION

In NUUO CMS, all versions 3.3 and prior, the application allows the upload of arbitrary files that can modify or overwrite configuration files on the server, which could allow remote code execution. NUUO CMS contains a vulnerability related to unrestricted upload of files with dangerous types. Information may be obtained or altered, and service operation may be disrupted (DoS). NUUO CMS is NUUO's central software management platform. The platform is used to centrally manage NVRs (hard disk video recorders), IP cameras and other equipment, and provides functions such as user management and alarm management. There are security vulnerabilities in NUUO CMS 3.3 and earlier versions.

Trust: 2.34

sources: NVD: CVE-2018-17936 // JVNDB: JVNDB-2018-012290 // CNVD: CNVD-2018-24251 // IVD: e30160de-39ab-11e9-b7a4-000c29342cb1

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e30160de-39ab-11e9-b7a4-000c29342cb1 // CNVD: CNVD-2018-24251

AFFECTED PRODUCTS

vendor: nuuo, model: cms, scope: lte, version: 3.3

Trust: 1.8

vendor: nuuo, model: cms, scope: lte, version: <=3.3

Trust: 0.6

vendor: nuuo, model: cms, scope: eq, version: 3.3

Trust: 0.6

vendor: nuuo cms, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: e30160de-39ab-11e9-b7a4-000c29342cb1 // CNVD: CNVD-2018-24251 // JVNDB: JVNDB-2018-012290 // CNNVD: CNNVD-201811-799 // NVD: CVE-2018-17936

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-17936
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-17936
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-24251
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201811-799
value: CRITICAL

Trust: 0.6

IVD: e30160de-39ab-11e9-b7a4-000c29342cb1
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2018-17936
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-24251
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e30160de-39ab-11e9-b7a4-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-17936
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e30160de-39ab-11e9-b7a4-000c29342cb1 // CNVD: CNVD-2018-24251 // JVNDB: JVNDB-2018-012290 // CNNVD: CNNVD-201811-799 // NVD: CVE-2018-17936

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.8

sources: JVNDB: JVNDB-2018-012290 // NVD: CVE-2018-17936

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 151260 // CNNVD: CNNVD-201811-799

TYPE

Code problem

Trust: 0.8

sources: IVD: e30160de-39ab-11e9-b7a4-000c29342cb1 // CNNVD: CNNVD-201811-799

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012290

PATCH

title: Central Management System, url: https://www.nuuo.com/ProductNode.php?node=3

Trust: 0.8

sources: JVNDB: JVNDB-2018-012290

EXTERNAL IDS

db: NVD, id: CVE-2018-17936

Trust: 3.3

db: ICS CERT, id: ICSA-18-284-02

Trust: 2.4

db: CNVD, id: CNVD-2018-24251

Trust: 0.8

db: CNNVD, id: CNNVD-201811-799

Trust: 0.8

db: JVNDB, id: JVNDB-2018-012290

Trust: 0.8

db: PACKETSTORM, id: 151781

Trust: 0.6

db: IVD, id: E30160DE-39AB-11E9-B7A4-000C29342CB1

Trust: 0.2

db: PACKETSTORM, id: 151260

Trust: 0.1

sources: IVD: e30160de-39ab-11e9-b7a4-000c29342cb1 // CNVD: CNVD-2018-24251 // JVNDB: JVNDB-2018-012290 // PACKETSTORM: 151260 // CNNVD: CNNVD-201811-799 // NVD: CVE-2018-17936

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-284-02

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2018-17936

Trust: 1.5

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17936

Trust: 0.8

url:https://packetstormsecurity.com/files/151781/nuuo-central-management-server-2.4-authenticated-arbitrary-file-upload.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-17888

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-17890

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-17892

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-17934

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-17894

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-18982

Trust: 0.1

sources: CNVD: CNVD-2018-24251 // JVNDB: JVNDB-2018-012290 // PACKETSTORM: 151260 // CNNVD: CNNVD-201811-799 // NVD: CVE-2018-17936

CREDITS

Pedro Ribeiro

Trust: 0.7

sources: PACKETSTORM: 151260 // CNNVD: CNNVD-201811-799

SOURCES

db: IVD, id: e30160de-39ab-11e9-b7a4-000c29342cb1
db: CNVD, id: CNVD-2018-24251
db: JVNDB, id: JVNDB-2018-012290
db: PACKETSTORM, id: 151260
db: CNNVD, id: CNNVD-201811-799
db: NVD, id: CVE-2018-17936

LAST UPDATE DATE

2024-11-23T22:30:16.676000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-24251, date: 2020-03-10T00:00:00
db: JVNDB, id: JVNDB-2018-012290, date: 2019-01-31T00:00:00
db: CNNVD, id: CNNVD-201811-799, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-17936, date: 2024-11-21T03:55:14.620

SOURCES RELEASE DATE

db: IVD, id: e30160de-39ab-11e9-b7a4-000c29342cb1, date: 2018-11-29T00:00:00
db: CNVD, id: CNVD-2018-24251, date: 2018-11-29T00:00:00
db: JVNDB, id: JVNDB-2018-012290, date: 2019-01-31T00:00:00
db: PACKETSTORM, id: 151260, date: 2019-01-21T23:02:22
db: CNNVD, id: CNNVD-201811-799, date: 2018-11-28T00:00:00
db: NVD, id: CVE-2018-17936, date: 2018-11-27T20:29:00.893