CVE-2018-15723

{"id": "CVE-2018-15723", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-12-20T21:29:00.777", "references": [{"url": "https://www.tenable.com/security/research/tra-2018-47", "tags": ["Exploit", "Third Party Advisory"], "source": "vulnreport@tenable.com"}, {"url": "https://www.tenable.com/security/research/tra-2018-47", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "vulnreport@tenable.com", "description": [{"lang": "en", "value": "CWE-346"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo)."}, {"lang": "es", "value": "Logitech Harmony Hub, en versiones anteriores a la 4.15.206, es vulnerable a una inyecci\u00f3n de comandos a nivel de aplicaci\u00f3n mediante una petici\u00f3n HTTP manipulada. Un atacante remoto no autenticado puede aprovechar esta vulnerabilidad para ejecutar comandos definidos por la aplicaci\u00f3n (por ejemplo, harmony.system?systeminfo)."}], "lastModified": "2024-11-21T03:51:20.690", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:logitech:harmony_hub_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1A7B59C-D2E9-4A22-9BFC-1B51E310C2B7", "versionEndExcluding": "4.15.206"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:logitech:harmony_hub:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BDBF64B5-F971-4A8F-A76B-A5DF75D23DF5"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vulnreport@tenable.com"}