ID

VAR-201905-0987


CVE

CVE-2018-7084


TITLE

Aruba Instant Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015807

DESCRIPTION

A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete files, or reboot the device.

Workaround: Block access to the Aruba Instant web interface from all untrusted users.

Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.1.

Aruba Instant contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

Siemens SCALANCE W1750D is prone to the following security vulnerabilities: 1. Multiple information disclosure vulnerabilities 2. A cross-site-scripting vulnerability 3. This can allow the attacker to steal cookie-based authentication credentials and aid in further attacks. Versions prior to SCALANCE W1750D 8.4.0.1 are vulnerable.

Trust: 1.98

sources: NVD: CVE-2018-7084 // JVNDB: JVNDB-2018-015807 // BID: 108374 // VULMON: CVE-2018-7084

AFFECTED PRODUCTS

vendor: arubanetworks, model: aruba instant, scope: gte, version: 8.3.0

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: lt, version: 4.2.4.12

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: lt, version: 8.3.0.6

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: lt, version: 8.4.0.1

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: gte, version: 6.5.0

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: lt, version: 6.5.4.11

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: gte, version: 8.4.0

Trust: 1.0

vendor: arubanetworks, model: aruba instant, scope: gte, version: 4.0

Trust: 1.0

vendor: aruba, model: instant ap, scope: -, version: -

Trust: 0.8

vendor: siemens, model: scalance w1750d, scope: eq, version: 0

Trust: 0.3

vendor: siemens, model: scalance w1750d, scope: ne, version: 8.4.0.1

Trust: 0.3

sources: BID: 108374 // JVNDB: JVNDB-2018-015807 // NVD: CVE-2018-7084

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2018-7084
value: CRITICAL

Trust: 1.8

CNNVD: CNNVD-201903-058
value: CRITICAL

Trust: 0.6

VULMON: CVE-2018-7084
value: HIGH

Trust: 0.1

VULMON: CVE-2018-7084
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

NVD: CVE-2018-7084
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 1.8

sources: VULMON: CVE-2018-7084 // JVNDB: JVNDB-2018-015807 // CNNVD: CNNVD-201903-058 // NVD: CVE-2018-7084

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-77

Trust: 0.8

sources: JVNDB: JVNDB-2018-015807 // NVD: CVE-2018-7084

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-058

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201903-058

CONFIGURATIONS

sources: NVD: CVE-2018-7084

PATCH

title: ARUBA-PSA-2019-001, url: https://www.arubanetworks.com/assets/alert/aruba-psa-2019-001.txt

Trust: 0.8

title: Aruba Networks Instant Fixes for command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=98211

Trust: 0.6

title: Siemens Security Advisories: Siemens Security Advisory, url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=f04f471bbc12c6e00cc683978d7f0589

Trust: 0.1

sources: VULMON: CVE-2018-7084 // JVNDB: JVNDB-2018-015807 // CNNVD: CNNVD-201903-058

EXTERNAL IDS

db: NVD, id: CVE-2018-7084

Trust: 2.8

db: BID, id: 108374

Trust: 2.0

db: ICS CERT, id: ICSA-19-134-07

Trust: 1.8

db: SIEMENS, id: SSA-549547

Trust: 1.7

db: JVNDB, id: JVNDB-2018-015807

Trust: 0.8

db: ICS CERT, id: ICSA-19-134-02

Trust: 0.6

db: AUSCERT, id: ESB-2019.1716.2

Trust: 0.6

db: CNNVD, id: CNNVD-201903-058

Trust: 0.6

db: VULMON, id: CVE-2018-7084

Trust: 0.1

sources: VULMON: CVE-2018-7084 // BID: 108374 // JVNDB: JVNDB-2018-015807 // CNNVD: CNNVD-201903-058 // NVD: CVE-2018-7084

REFERENCES

url:http://www.securityfocus.com/bid/108374

Trust: 2.4

url:https://www.arubanetworks.com/assets/alert/aruba-psa-2019-001.txt

Trust: 1.7

url:https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-7084

Trust: 1.4

url:https://ics-cert.us-cert.gov/advisories/icsa-19-134-07

Trust: 1.0

url:http://www.siemens.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7084

Trust: 0.8

url:https://www.us-cert.gov/ics/advisories/icsa-19-134-07

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-19-134-02-0

Trust: 0.6

url:https://vigilance.fr/vulnerability/alcatel-lucent-enterprise-omniaccess-wlan-instant-multiple-vulnerabilities-28646

Trust: 0.6

url:https://www.auscert.org.au/bulletins/80946

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2018-7084 // BID: 108374 // JVNDB: JVNDB-2018-015807 // CNNVD: CNNVD-201903-058 // NVD: CVE-2018-7084

CREDITS

Siemens reported these vulnerabilities to NCCIC.

Trust: 0.6

sources: CNNVD: CNNVD-201903-058

SOURCES

db: VULMON, id: CVE-2018-7084
db: BID, id: 108374
db: JVNDB, id: JVNDB-2018-015807
db: CNNVD, id: CNNVD-201903-058
db: NVD, id: CVE-2018-7084

LAST UPDATE DATE

2022-05-04T08:54:12.738000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2018-7084, date: 2020-08-24T00:00:00
db: BID, id: 108374, date: 2019-05-14T00:00:00
db: JVNDB, id: JVNDB-2018-015807, date: 2019-07-09T00:00:00
db: CNNVD, id: CNNVD-201903-058, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2018-7084, date: 2020-08-24T17:37:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2018-7084, date: 2019-05-10T00:00:00
db: BID, id: 108374, date: 2019-05-14T00:00:00
db: JVNDB, id: JVNDB-2018-015807, date: 2019-07-09T00:00:00
db: CNNVD, id: CNNVD-201903-058, date: 2019-03-04T00:00:00
db: NVD, id: CVE-2018-7084, date: 2019-05-10T18:29:00