CVE-2018-8939 - OpenCVE

An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ipswitch	Whatsup Gold

Configuration 1 [-]

cpe:2.3:a:ipswitch:whatsup_gold:*:*:*:*:*:*:*:*

References

Link	Resource
https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm	Release Notes Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-05-01T16:00:00

Updated: 2018-05-01T15:57:01

Reserved: 2018-03-22T00:00:00

Link: CVE-2018-8939

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-05-01T16:29:00.507

Modified: 2018-06-13T14:18:25.247

Link: CVE-2018-8939

JSON object: View

Redhat Information

No data.

CWE

CWE-918

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ipswitch:whatsup_gold:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5400871-5BDA-4A91-9B19-245DE0DFB5BA", "versionEndExcluding": "18.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad SSRF en NmAPI.exe en Ipswitch WhatsUp Gold en versiones anteriores al 2018 (18.0). Los actores maliciosos pueden enviar peticiones especialmente manipuladas mediante el ejecutable NmAPI para (1) obtener acceso no autorizado al sistema de WhatsUp Gold, (2) obtener informaci\u00f3n sobre el sistema de WhatsUp Gold o (3) ejecutar comandos remotos."}], "id": "CVE-2018-8939", "lastModified": "2018-06-13T14:18:25.247", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-01T16:29:00.507", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.ipswitch.com/NM/WhatsUpGold2018/01_ReleaseNotes/index.htm"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}