CVE-2018-0669 - OpenCVE

INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through the protocol-compliant traffic. This is a different vulnerability than CVE-2018-0670.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Mnc	Inplc-rt

Configuration 1 [-]

cpe:2.3:a:mnc:inplc-rt:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.mnc.co.jp/INplc/info_20180907_E.htm	Vendor Advisory
https://jvn.jp/en/jp/JVN59624986/index.html	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2019-01-09T22:00:00

Updated: 2019-01-09T21:57:01

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0669

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-01-09T23:29:01.637

Modified: 2019-02-11T13:57:26.070

Link: CVE-2018-0669

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "INplc-RT", "vendor": "MICRONET CORPORATION", "versions": [{"status": "affected", "version": "3.08 and earlier"}]}], "datePublic": "2019-01-09T00:00:00", "descriptions": [{"lang": "en", "value": "INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through the protocol-compliant traffic. This is a different vulnerability than CVE-2018-0670."}], "problemTypes": [{"descriptions": [{"description": "Authentication bypass", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-01-09T21:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.mnc.co.jp/INplc/info_20180907_E.htm"}, {"name": "JVN#59624986", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "https://jvn.jp/en/jp/JVN59624986/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2018-0669", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "INplc-RT", "version": {"version_data": [{"version_value": "3.08 and earlier"}]}}]}, "vendor_name": "MICRONET CORPORATION"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through the protocol-compliant traffic. This is a different vulnerability than CVE-2018-0670."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Authentication bypass"}]}]}, "references": {"reference_data": [{"name": "http://www.mnc.co.jp/INplc/info_20180907_E.htm", "refsource": "MISC", "url": "http://www.mnc.co.jp/INplc/info_20180907_E.htm"}, {"name": "JVN#59624986", "refsource": "JVN", "url": "https://jvn.jp/en/jp/JVN59624986/index.html"}]}}}}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2018-0669", "datePublished": "2019-01-09T22:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2019-01-09T21:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mnc:inplc-rt:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4E4AF42-2328-49A1-A2FA-C193AD793048", "versionEndIncluding": "3.08", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through the protocol-compliant traffic. This is a different vulnerability than CVE-2018-0670."}, {"lang": "es", "value": "INplc-RT 3.08 y anteriores permite a los atacantes remotos omitir la autenticaci\u00f3n para ejecutar un comando arbitrario a trav\u00e9s del tr\u00e1fico \"protocol-compliant\". Esta vulnerabilidad es diferente de CVE-2018-0670."}], "id": "CVE-2018-0669", "lastModified": "2019-02-11T13:57:26.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-09T23:29:01.637", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "http://www.mnc.co.jp/INplc/info_20180907_E.htm"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN59624986/index.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}