CVE-2018-10576

{"id": "CVE-2018-10576", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2018-04-30T22:29:00.373", "references": [{"url": "http://seclists.org/fulldisclosure/2018/May/12", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000LIy", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/45409/", "source": "cve@mitre.org"}, {"url": "https://www.watchguard.com/wgrd-blog/new-firmware-available-ap100ap102ap200ap300-security-vulnerability-fixes", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user)."}, {"lang": "es", "value": "Se ha descubierto un problema en los dispositivos WatchGuard AP100, AP102 y AP200 con firmware en versiones anteriores a la 1.2.9.15. La gesti\u00f3n de autenticaci\u00f3n incorrecta por parte de la interfaz web de usuario de Access Point permite la autenticaci\u00f3n por medio de una cuenta del sistema local (en lugar de un usuario dedicado exclusivo de la web)."}], "lastModified": "2018-09-16T10:29:00.947", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:watchguard:ap200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "263A0D62-FCC4-4374-8E2F-1393140D68B0", "versionEndExcluding": "1.2.9.15"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:watchguard:ap200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5C6FA1D0-016C-4B73-9BC4-83848A1A6D04"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:watchguard:ap102_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA60491C-1B5B-4E23-B27D-4285E3F71E99", "versionEndExcluding": "1.2.9.15"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:watchguard:ap102:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6E009741-C76C-49F3-83A4-4BB17D1A9510"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:watchguard:ap100_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "428B2A59-5F74-4685-B6A9-F0CC9AFEE949", "versionEndExcluding": "1.2.9.15"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:watchguard:ap100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8379C407-E7DC-4193-9BD0-5BAE24E637B8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}