CVE-2018-0676

{"id": "CVE-2018-0676", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-01-09T23:29:01.793", "references": [{"url": "https://jvn.jp/en/jp/JVN65082538/index.html", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://p3.support.panasonic.com/faq/show/5017?&site_domain=p3", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/en/jp/JVN65082538/index.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://p3.support.panasonic.com/faq/show/5017?&site_domain=p3", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access to the management screen and execute an arbitrary command via unspecified vectors."}, {"lang": "es", "value": "BN-SDWBP3, con firmware 1.0.9 y anteriores, permite a un atacante en el mismo segmento de red omitir la autenticaci\u00f3n para acceder a la pantalla de gesti\u00f3n y ejecutar un comando arbitrario mediante vectores sin especificar."}], "lastModified": "2024-11-21T03:38:43.257", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:panasonic:bn-sdwbp3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66ADD8DF-CEA0-4B87-979F-0852F475BA82", "versionEndIncluding": "1.0.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:panasonic:bn-sdwbp3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9E706E01-319D-4E5B-96CB-67A6DCBD3F6C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vultures@jpcert.or.jp"}