CVE-2018-19014

{"id": "CVE-2018-19014", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2019-01-28T22:29:00.397", "references": [{"url": "http://www.securityfocus.com/bid/106683", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.securityfocus.com/bid/106683", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration."}, {"lang": "es", "value": "Todas las versiones de los siguientes programas de Drager Infinity Delta: Infinity Delta, Delta XL, Kappa y Infinity Explorer C700. Se puede acceder a los archivos de registro en una conexi\u00f3n de red no autenticada. El acceso a estos archivos permite al atacante conocer los componentes internos del monitor del paciente, la localizaci\u00f3n de dicho monitor y la configuraci\u00f3n de red por cable."}], "lastModified": "2024-11-21T03:57:10.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draeger:kappa_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7808691-D8D7-4BE0-995C-836980A21683"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draeger:kappa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ED40C0B7-16B1-40F9-8BB4-A663DD969746"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draeger:infinity_explorer_c700_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACD85169-9127-4017-99BF-A862540358FD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draeger:infinity_explorer_c700:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "23628C4D-D7CD-46C1-B3E7-097D68EB689B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draeger:delta_xl_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D620EF1-5976-4F2D-B56D-ACE14A4A92C9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draeger:delta_xl:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1B3D2079-9DCB-4218-8DF9-E33485D7402A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:draeger:infinity_delta_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AF77F47-64CB-44D6-A715-A88E88F5ED4C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:draeger:infinity_delta:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "882CC533-800F-4813-A4C2-1F4A72724A57"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}