Lucene search

MitreCVE-2018-12925

HistoryJun 28, 2018 - 11:29 a.m.

CVE-2018-12925

2018-06-2811:29:00

CWE-521

mitre

web.nvd.nist.gov

cve

2018

12925

telnet

password

security

vulnerability

lantronix

mss

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

60.7%

JSON

Baseon Lantronix MSS devices do not require a password for TELNET access.

Affected configurations

Nvd

Node

lantronixmss_firmwareMatch-

AND

lantronixmssMatch-

VendorProductVersionCPE
lantronixmss_firmware-cpe:2.3:o:lantronix:mss_firmware:-:*:*:*:*:*:*:*
lantronixmss-cpe:2.3:h:lantronix:mss:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lantronix	mss_firmware	-	cpe:2.3:o:lantronix:mss_firmware:-:::::::*
lantronix	mss	-	cpe:2.3:h:lantronix:mss:-:::::::*

References

www.seebug.org/vuldb/ssvid-97375

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

60.7%

JSON

Related for CVE-2018-12925