CVE-2018-15123 - OpenCVE

Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows remote attacker perform new attack vectors and take under control device and smart home.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Zipato	Zipabox Firmware Zipabox

Configuration 1 [-]

AND

cpe:2.3:o:zipato:zipabox_firmware:118:*:*:*:*:*:*:*

cpe:2.3:h:zipato:zipabox:-:*:*:*:*:*:*:*

References

Link	Resource
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-003-zipato-zipabox-insecure-configuration-storage/	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Kaspersky

Published: 2018-08-08T00:00:00

Updated: 2018-08-13T20:57:01

Reserved: 2018-08-06T00:00:00

Link: CVE-2018-15123

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-08-13T21:48:01.353

Modified: 2019-10-03T00:03:26.223

Link: CVE-2018-15123

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "Zipato Zipabox Smart Home Controller", "vendor": "Kaspersky Lab", "versions": [{"status": "affected", "version": "BOARD REV - 1"}, {"status": "affected", "version": "SYSTEM VERSION -118"}]}], "datePublic": "2018-08-08T00:00:00", "descriptions": [{"lang": "en", "value": "Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows remote attacker perform new attack vectors and take under control device and smart home."}], "problemTypes": [{"descriptions": [{"description": "Insecure configuration storage", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-13T20:57:01", "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-003-zipato-zipabox-insecure-configuration-storage/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerability@kaspersky.com", "DATE_PUBLIC": "2018-08-08T00:00:00", "ID": "CVE-2018-15123", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Zipato Zipabox Smart Home Controller", "version": {"version_data": [{"version_value": "BOARD REV - 1"}, {"version_value": "SYSTEM VERSION -118"}]}}]}, "vendor_name": "Kaspersky Lab"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows remote attacker perform new attack vectors and take under control device and smart home."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insecure configuration storage"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-003-zipato-zipabox-insecure-configuration-storage/", "refsource": "MISC", "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-003-zipato-zipabox-insecure-configuration-storage/"}]}}}}, "cveMetadata": {"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "assignerShortName": "Kaspersky", "cveId": "CVE-2018-15123", "datePublished": "2018-08-08T00:00:00", "dateReserved": "2018-08-06T00:00:00", "dateUpdated": "2018-08-13T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zipato:zipabox_firmware:118:*:*:*:*:*:*:*", "matchCriteriaId": "6217A685-8A45-4CE6-AD09-2686F0D77DB2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zipato:zipabox:-:*:*:*:*:*:*:*", "matchCriteriaId": "A337B85F-C7BD-4B11-9ED5-8740958BEB3F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows remote attacker perform new attack vectors and take under control device and smart home."}, {"lang": "es", "value": "Almacenamiento de configuraci\u00f3n no segura en Zipato Zipabox Smart Home Controller BOARD REV - 1 con versi\u00f3n de sistema 118 permite que un atacante remoto realice nuevos vectores de ataque y tome el control del dispositivo y del hogar inteligente."}], "id": "CVE-2018-15123", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-13T21:48:01.353", "references": [{"source": "vulnerability@kaspersky.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-003-zipato-zipabox-insecure-configuration-storage/"}], "sourceIdentifier": "vulnerability@kaspersky.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}