CVE-2018-11541

A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://gist.github.com/CyberSKR/0134dff8f48d2e7b87227c554404bfcb	Third Party Advisory
https://support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6+Release+Notes	Permissions Required Third Party Advisory
https://gist.github.com/CyberSKR/0134dff8f48d2e7b87227c554404bfcb	Third Party Advisory
https://support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6+Release+Notes	Permissions Required Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:ribboncommunications:sonus_sbc_1000_firmware:6.0.0:::::::*
	cpe:2.3:o:ribboncommunications:sonus_sbc_1000_firmware:6.1.0:::::::*
	cpe:2.3:o:ribboncommunications:sonus_sbc_1000_firmware:7.0.0:::::::*

cpe:2.3:h:ribboncommunications:sonus_sbc_1000:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:ribboncommunications:sonus_sbc_2000_firmware:6.0.0:::::::*
	cpe:2.3:o:ribboncommunications:sonus_sbc_2000_firmware:6.1.0:::::::*
	cpe:2.3:o:ribboncommunications:sonus_sbc_2000_firmware:7.0.0:::::::*

cpe:2.3:h:ribboncommunications:sonus_sbc_2000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:ribboncommunications:sbc_swe_lite_web:6.1.0:::::::*
	cpe:2.3:a:ribboncommunications:sbc_swe_lite_web:7.0.0:::::::*

History

21 Nov 2024, 03:43

Type	Values Removed	Values Added
References	~~() https://gist.github.com/CyberSKR/0134dff8f48d2e7b87227c554404bfcb - Third Party Advisory~~	() https://gist.github.com/CyberSKR/0134dff8f48d2e7b87227c554404bfcb - Third Party Advisory
References	~~() https://support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6+Release+Notes - Permissions Required, Third Party Advisory~~	() https://support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6+Release+Notes - Permissions Required, Third Party Advisory

Information

Published : 2018-07-09 12:29

Updated : 2024-11-21 03:43

NVD link : CVE-2018-11541

Mitre link : CVE-2018-11541

CVE.ORG link : CVE-2018-11541

JSON object : View

Products Affected

ribboncommunications

sonus_sbc_2000
sbc_swe_lite_web
sonus_sbc_2000_firmware
sonus_sbc_1000
sonus_sbc_1000_firmware

CWE

CWE-862

Missing Authorization

9.8 /10