Lucene search

MitreCVE-2018-10123

HistoryMay 16, 2018 - 1:29 p.m.

CVE-2018-10123

2018-05-1613:29:00

mitre

web.nvd.nist.gov

cve-2018-10123

p910nd

inteno iopsys

remote attackers

arbitrary files

tcp port 9100

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.013

Percentile

86.1%

JSON

p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100.

Affected configurations

Nvd

Node

intenogroupiopsys_firmwareRange2.0–4.2.0

AND

intenogroupiopsysMatch-

VendorProductVersionCPE
intenogroupiopsys_firmware*cpe:2.3:o:intenogroup:iopsys_firmware:*:*:*:*:*:*:*:*
intenogroupiopsys-cpe:2.3:h:intenogroup:iopsys:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intenogroup	iopsys_firmware	*	cpe:2.3:o:intenogroup:iopsys_firmware::::::::
intenogroup	iopsys	-	cpe:2.3:h:intenogroup:iopsys:-:::::::*

References

neonsea.uk/blog/2018/04/15/pwn910nd.html

www.exploit-db.com/exploits/44635/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.013

Percentile

86.1%

JSON

Related for CVE-2018-10123