CVE-2018-10696

{"id": "CVE-2018-10696", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-06-07T20:29:00.497", "references": [{"url": "http://packetstormsecurity.com/files/153223/Moxa-AWK-3121-1.14-Information-Disclosure-Command-Execution.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://github.com/samuelhuntley/Moxa_AWK_1121/blob/master/Moxa_AWK_1121", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://seclists.org/bugtraq/2019/Jun/8", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator into executing actions without his/her knowledge, as demonstrated by the forms/iw_webSetParameters and forms/webSetMainRestart URIs."}, {"lang": "es", "value": "Se encontr\u00f3 un problema en los dispositivos Moxa AWK-3121 versi\u00f3n 1.14. El dispositivo proporciona una interfaz web para permitir que un administrador controle el dispositivo. Sin embargo, esta interfaz no est\u00e1 protegida contra ataques CSRF, lo que permite a un atacante enga\u00f1ar a un administrador para que ejecute acciones sin su conocimiento, como lo demuestran los URIs forms/iw_webSetParameters y forms/webSetMainRestart."}], "lastModified": "2019-06-11T14:39:34.740", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:moxa:awk-3121_firmware:1.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B93963CF-F5C4-4191-BEC1-E8DC3F8CCE2B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:moxa:awk-3121:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CB3CD92C-362A-4A96-A09E-F04476A9D854"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}