CVE-2018-19879

{"id": "CVE-2018-19879", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 7.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 2.8}]}, "published": "2019-03-28T17:29:00.427", "references": [{"url": "https://wiki.teltonika.lt/index.php?title=RUT9xx_Firmware", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.triadsec.com/CVE-2018-19879.pdf", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-307"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user's password."}, {"lang": "es", "value": "Se ha descubierto un fallo en /cgi-bin/luci en dispositivos de Teltonika RTU9XX (p.ej., RUT950), desde R_31.04.89 hasta R_00.05.00.5. La funcionalidad de autenticaci\u00f3n no est\u00e1 protegida contra herramientas autom\u00e1ticas que se utilizan para efectuar intentos de inicio de sesi\u00f3n en la aplicaci\u00f3n. Un atacante an\u00f3nimo tiene la capacidad de realizar intentos de inicio de sesi\u00f3n ilimitados con una herramienta automatizada. Esta capacidad podr\u00eda conducir a la adivinaci\u00f3n de la contrase\u00f1a de un usuario objetivo."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:teltonika:rut950_firmware:r_31.04.89:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D947C1F-AD43-49AB-97DC-D7540AB3D939"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:teltonika:rut950:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4CE17C85-9A69-41FB-AB96-0DCAB72309A0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}