Merge branch 'release/2018_11_06'

Author: ahouseholder

README.md

@@ -1,11 +1,13 @@
 # CERT Coordination Center Vulnerability Data Archive
 
-Release 2018-01-30
+Release 2018-11-06
 
 
 ### Change Log ###
 
-2018-01-30  Updated data.
+2018-11-06  Updated data
+
+2018-01-30  Updated data
 
 2017-11-08  Updated data. Sorted JSON keys so future updates should
             diff more cleanly in git commit logs.

data/0/vu_277400/vendor_wdon-axbt3u.json

@@ -0,0 +1,14 @@
+{
+  "Addendum": "There are no additional comments at this time.",
+  "DateLastUpdated": "2018-03-29T17:29:00-04:00",
+  "DateNotified": "",
+  "DateResponded": "",
+  "ID": "VU#277400",
+  "Revision": 2,
+  "Status": "Affected",
+  "Vendor": "Microsoft",
+  "VendorInformation": "We are not aware of further vendor information regarding this vulnerability.",
+  "VendorRecordID": "WDON-AXBT3U",
+  "VendorReferences": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1038",
+  "VendorStatement": "No statement is currently available from the vendor regarding this vulnerability."
+}

data/0/vu_277400/vu_277400.json

@@ -0,0 +1,65 @@
+{
+  "Author": "This document was written by Will Dormann.",
+  "CAM_AttackerAccessRequired": "0",
+  "CAM_EaseOfExploitation": "0",
+  "CAM_Exploitation": "0",
+  "CAM_Impact": "0",
+  "CAM_InternetInfrastructure": "0",
+  "CAM_Population": "0",
+  "CAM_ScoreCurrent": 0,
+  "CAM_ScoreCurrentWidelyKnown": 0,
+  "CAM_ScoreCurrentWidelyKnownExploited": 0,
+  "CAM_WidelyKnown": "0",
+  "CERTAdvisory": "",
+  "CVEIDs": "CVE-2018-1038",
+  "CVSS_AccessComplexity": "L",
+  "CVSS_AccessVector": "L",
+  "CVSS_Authenication": "S",
+  "CVSS_AvailabilityImpact": "C",
+  "CVSS_BaseScore": 6.8,
+  "CVSS_BaseVector": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
+  "CVSS_CollateralDamagePotential": "ND",
+  "CVSS_ConfidentialityImpact": "C",
+  "CVSS_EnvironmentalScore": 5.88950433792,
+  "CVSS_EnvironmentalVector": "CDP:ND/TD:H/CR:ND/IR:ND/AR:ND",
+  "CVSS_Exploitability": "H",
+  "CVSS_IntegrityImpact": "C",
+  "CVSS_RemediationLevel": "OF",
+  "CVSS_ReportConfidence": "C",
+  "CVSS_SecurityRequirementsAR": "ND",
+  "CVSS_SecurityRequirementsCR": "ND",
+  "CVSS_SecurityRequirementsIR": "ND",
+  "CVSS_TargetDistribution": "H",
+  "CVSS_TemporalScore": 5.9,
+  "CVSS_TemporalVector": "E:H/RL:OF/RC:C",
+  "DateCreated": "2018-03-29T17:06:22-04:00",
+  "DateFirstPublished": "2018-03-29T17:30:00-04:00",
+  "DateLastUpdated": "2018-04-24T15:53:00-04:00",
+  "DatePublic": "2018-03-27T00:00:00",
+  "Description": "The update that Microsoft has released for meltdown on x64 versions of Windows 7 and Windows Server 2008 R2 incorrectly sets the permission bit for memory accessible from unprivileged user space. As a result, such platforms that have the meltdown update installed, which was released in January 2018 will not properly protect the contents of system memory..",
+  "ID": "VU#277400",
+  "IDNumber": "277400",
+  "IPProtocol": "",
+  "Impact": "An attacker with the ability to run code on an affected platform as an unprivileged user may be able to read from and write to the entire contents of system memory. Exploit code that uses this vulnerability to escalate privileges from an unprivileged user to SYSTEM privileges is publicly available.",
+  "Keywords": [
+    "total meltdown",
+    "totalmeltdown"
+  ],
+  "Overview": "When the Microsoft update for meltdown is installed on a Windows 7 x64 or Windows Server 2008 R2 x64 system, an unprivileged process may be able to read and write the entire memory space available to the Windows kernel.",
+  "References": [
+    "http://blog.frizk.net/2018/03/total-meltdown.html",
+    "https://blog.xpnsec.com/total-meltdown-cve-2018-1038/",
+    "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1038"
+  ],
+  "Resolution": "Apply an update This issue is addressed in the Microsoft update for CVE-2018-1038.",
+  "Revision": 25,
+  "SystemsAffectedPreamble": "",
+  "ThanksAndCredit": "This vulnerability was publicly reported by Ulf Frisk.",
+  "Title": "Windows 7 and Windows Server 2008 R2 x64 fail to protect kernel memory when the Microsoft update for meltdown is installed",
+  "US-CERTTechnicalAlert": "",
+  "VRDA_D1_DirectReport": "0",
+  "VRDA_D1_Impact": "4",
+  "VRDA_D1_Population": "4",
+  "VulnerabilityCount": 1,
+  "Workarounds": ""
+}

data/1/vu_176301/vendor_dklt-b5lq39.json

@@ -0,0 +1,14 @@
+{
+  "Addendum": "There are no additional comments at this time.",
+  "DateLastUpdated": "2018-10-16T14:51:00-04:00",
+  "DateNotified": "",
+  "DateResponded": "",
+  "ID": "VU#176301",
+  "Revision": 1,
+  "Status": "Affected",
+  "Vendor": "Auto-Maskin AS",
+  "VendorInformation": "We are not aware of further vendor information regarding this vulnerability.",
+  "VendorRecordID": "DKLT-B5LQ39",
+  "VendorReferences": "None",
+  "VendorStatement": "No statement is currently available from the vendor regarding this vulnerability."
+}

data/1/vu_176301/vu_176301.json

@@ -0,0 +1,63 @@
+{
+  "Author": "This document was written by Dan Klinedinst.",
+  "CAM_AttackerAccessRequired": "0",
+  "CAM_EaseOfExploitation": "0",
+  "CAM_Exploitation": "0",
+  "CAM_Impact": "0",
+  "CAM_InternetInfrastructure": "0",
+  "CAM_Population": "0",
+  "CAM_ScoreCurrent": 0,
+  "CAM_ScoreCurrentWidelyKnown": 0,
+  "CAM_ScoreCurrentWidelyKnownExploited": 0,
+  "CAM_WidelyKnown": "0",
+  "CERTAdvisory": "",
+  "CVEIDs": [
+    " CVE\u20132018-5399",
+    "CVE-2018-5400",
+    "CVE-2018-5401",
+    "CVE-2018-5402"
+  ],
+  "CVSS_AccessComplexity": "--",
+  "CVSS_AccessVector": "--",
+  "CVSS_Authenication": "--",
+  "CVSS_AvailabilityImpact": "--",
+  "CVSS_BaseScore": 0,
+  "CVSS_BaseVector": "AV:--/AC:--/Au:--/C:--/I:--/A:--",
+  "CVSS_CollateralDamagePotential": "ND",
+  "CVSS_ConfidentialityImpact": "--",
+  "CVSS_EnvironmentalScore": 0,
+  "CVSS_EnvironmentalVector": "CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND",
+  "CVSS_Exploitability": "ND",
+  "CVSS_IntegrityImpact": "--",
+  "CVSS_RemediationLevel": "ND",
+  "CVSS_ReportConfidence": "ND",
+  "CVSS_SecurityRequirementsAR": "ND",
+  "CVSS_SecurityRequirementsCR": "ND",
+  "CVSS_SecurityRequirementsIR": "ND",
+  "CVSS_TargetDistribution": "ND",
+  "CVSS_TemporalScore": 0,
+  "CVSS_TemporalVector": "E:ND/RL:ND/RC:ND",
+  "DateCreated": "2018-09-10T10:06:43-04:00",
+  "DateFirstPublished": "2018-10-06T19:34:55-04:00",
+  "DateLastUpdated": "2018-10-16T14:52:00-04:00",
+  "DatePublic": "2018-10-06T00:00:00",
+  "Description": "CWE 798: \u200bUse of Hard-Coded Credentials - CVE\u20132018-5399\nThe DCU 210E firmware contains an undocumented Dropbear SSH server with a hardcoded username and password. The password is easily susceptible to cracking. CWE-346:\u200bOrigin Validation Error - CVE\u20132018-5400\nThe Auto-Maskin products utilize an undocumented custom protocol to set up Modbus communications with other devices without validating those devices. CWE-319:\u200b Cleartext Transmission of Sensitive Information - CVE\u20132018-5401\nThe devices transmit process control information via unencrypted Modbus communications. CWE-319:\u200b Cleartext Transmission of Sensitive Information - CVE\u20132018-5402\nThe embedded webserver uses unencrypted plaintext for the transmission of the administrator PIN.",
+  "ID": "VU#176301",
+  "IDNumber": "176301",
+  "IPProtocol": "",
+  "Impact": "An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information. An attacker can send arbitrary ModBus (control) information to the engine control units.",
+  "Keywords": "[VRF#18-09-KTDMW]",
+  "Overview": "Auto-Maskin RP remote panels and DCU controls units are used to monitor and control ship engines. The units have several authentication and encryption vulnerabilities which can allow attackers to access the units and control connected engines.",
+  "References": "",
+  "Resolution": "CERT/CC is currently unaware of an update to address the vulnerabilities.",
+  "Revision": 14,
+  "SystemsAffectedPreamble": "",
+  "ThanksAndCredit": "Thanks to Brian Satira and Brian Olson for reporting this vulnerability.",
+  "Title": "Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App",
+  "US-CERTTechnicalAlert": "",
+  "VRDA_D1_DirectReport": "1",
+  "VRDA_D1_Impact": "",
+  "VRDA_D1_Population": "",
+  "VulnerabilityCount": 1,
+  "Workarounds": "Critical control devices such as these should only be accessible via private, carefully secured networks."
+}

data/1/vu_992201/vu_992201.json

@@ -12,26 +12,26 @@
   "CAM_WidelyKnown": "0",
   "CERTAdvisory": "",
   "CVEIDs": "",
-  "CVSS_AccessComplexity": "",
-  "CVSS_AccessVector": "",
-  "CVSS_Authenication": "",
-  "CVSS_AvailabilityImpact": "",
-  "CVSS_BaseScore": "",
-  "CVSS_BaseVector": "",
-  "CVSS_CollateralDamagePotential": "",
-  "CVSS_ConfidentialityImpact": "",
-  "CVSS_EnvironmentalScore": "",
-  "CVSS_EnvironmentalVector": "",
-  "CVSS_Exploitability": "",
-  "CVSS_IntegrityImpact": "",
-  "CVSS_RemediationLevel": "",
-  "CVSS_ReportConfidence": "",
-  "CVSS_SecurityRequirementsAR": "",
-  "CVSS_SecurityRequirementsCR": "",
-  "CVSS_SecurityRequirementsIR": "",
-  "CVSS_TargetDistribution": "",
-  "CVSS_TemporalScore": "",
-  "CVSS_TemporalVector": "",
+  "CVSS_AccessComplexity": "--",
+  "CVSS_AccessVector": "--",
+  "CVSS_Authenication": "--",
+  "CVSS_AvailabilityImpact": "--",
+  "CVSS_BaseScore": 0,
+  "CVSS_BaseVector": "AV:--/AC:--/Au:--/C:--/I:--/A:--",
+  "CVSS_CollateralDamagePotential": "Not Defined (ND)",
+  "CVSS_ConfidentialityImpact": "--",
+  "CVSS_EnvironmentalScore": 0,
+  "CVSS_EnvironmentalVector": "CDP:Not Defined (ND)/TD:Not Defined (ND)/CR:Not Defined (ND)/IR:Not Defined (ND)/AR:Not Defined (ND)",
+  "CVSS_Exploitability": "Not Defined (ND)",
+  "CVSS_IntegrityImpact": "--",
+  "CVSS_RemediationLevel": "Not Defined (ND)",
+  "CVSS_ReportConfidence": "Not Defined (ND)",
+  "CVSS_SecurityRequirementsAR": "Not Defined (ND)",
+  "CVSS_SecurityRequirementsCR": "Not Defined (ND)",
+  "CVSS_SecurityRequirementsIR": "Not Defined (ND)",
+  "CVSS_TargetDistribution": "Not Defined (ND)",
+  "CVSS_TemporalScore": 0,
+  "CVSS_TemporalVector": "E:Not Defined (ND)/RL:Not Defined (ND)/RC:Not Defined (ND)",
   "DateCreated": "2003-03-27T17:14:28-04:00",
   "DateFirstPublished": "",
   "DateLastUpdated": "2003-03-27T17:34:00-04:00",

data/11/vu_581311/vendor_cheu-b2blpr.json

@@ -0,0 +1,14 @@
+{
+  "Addendum": "There are no additional comments at this time.",
+  "DateLastUpdated": "2018-10-16T14:09:00-04:00",
+  "DateNotified": "2018-07-03T11:52:20-04:00",
+  "DateResponded": "",
+  "ID": "VU#581311",
+  "Revision": 1,
+  "Status": "Affected",
+  "Vendor": "TP-LINK",
+  "VendorInformation": "We are not aware of further vendor information regarding this vulnerability.",
+  "VendorRecordID": "CHEU-B2BLPR",
+  "VendorReferences": "None",
+  "VendorStatement": "No statement is currently available from the vendor regarding this vulnerability."
+}

data/11/vu_581311/vu_581311.json

@@ -0,0 +1,73 @@
+{
+  "Author": "This document was written by Garret Wassermann.",
+  "CAM_AttackerAccessRequired": "0",
+  "CAM_EaseOfExploitation": "0",
+  "CAM_Exploitation": "0",
+  "CAM_Impact": "0",
+  "CAM_InternetInfrastructure": "0",
+  "CAM_Population": "0",
+  "CAM_ScoreCurrent": 0,
+  "CAM_ScoreCurrentWidelyKnown": 0,
+  "CAM_ScoreCurrentWidelyKnownExploited": 0,
+  "CAM_WidelyKnown": "0",
+  "CERTAdvisory": "",
+  "CVEIDs": [
+    "CVE-2018-5393",
+    "CVE-2015-6420"
+  ],
+  "CVSS_AccessComplexity": "L",
+  "CVSS_AccessVector": "N",
+  "CVSS_Authenication": "N",
+  "CVSS_AvailabilityImpact": "P",
+  "CVSS_BaseScore": 7.5,
+  "CVSS_BaseVector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+  "CVSS_CollateralDamagePotential": "ND",
+  "CVSS_ConfidentialityImpact": "P",
+  "CVSS_EnvironmentalScore": 5.86048806962325,
+  "CVSS_EnvironmentalVector": "CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND",
+  "CVSS_Exploitability": "POC",
+  "CVSS_IntegrityImpact": "P",
+  "CVSS_RemediationLevel": "OF",
+  "CVSS_ReportConfidence": "C",
+  "CVSS_SecurityRequirementsAR": "ND",
+  "CVSS_SecurityRequirementsCR": "ND",
+  "CVSS_SecurityRequirementsIR": "ND",
+  "CVSS_TargetDistribution": "ND",
+  "CVSS_TemporalScore": 5.9,
+  "CVSS_TemporalVector": "E:POC/RL:OF/RC:C",
+  "DateCreated": "2018-06-28T11:57:32-04:00",
+  "DateFirstPublished": "2018-09-26T09:07:40-04:00",
+  "DateLastUpdated": "2018-10-30T08:43:00-04:00",
+  "DatePublic": "2018-09-18T00:00:00",
+  "Description": "CWE-306: Missing Authentication for Critical Function - CVE-2018-5393 EAP Controller for Linux utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use. Remote attackers can implement deserialization attacks through the RMI protocol. Successful attacks may allow a remote attacker to remotely control the target server and execute Java functions or bytecode. CWE-502: Deserialization of Untrusted Data - CVE-2015-6420 EAP Controller for Linux bundles a vulnerable version of Apache commons-collections v3.2.1 with the software, which appears to be the root cause of the vulnerability. Therefore, EAP Controller v2.5.3 and earlier are vulnerable to CVE-2015-6420 as documented in VU#576313. EAP Controller v2.5.3 and earlier for Linux are affected by both vulnerabilities.",
+  "ID": "VU#581311",
+  "IDNumber": "581311",
+  "IPProtocol": "",
+  "Impact": "A Java application or library with the Apache Commons Collections library in its classpath may be coerced into executing arbitrary Java functions or bytecode.",
+  "Keywords": [
+    "eap",
+    "deserialization",
+    "java",
+    "rmi",
+    "commons-collections"
+  ],
+  "Overview": "The TP-LINK EAP Controller is TP-LINK's software for remotely controlling wireless access point devices. EAP Controller for Linux lacks user authentication for RMI service commands, as well as utilizes an outdated vulnerable version of Apache commons-collections, which may allow an attacker to implement deserialization attacks and control the EAP Controller server.",
+  "References": [
+    "https://www.kb.cert.org/vuls/id/576313",
+    "https://www.tp-link.com/en/download/EAP220.html#Controller_Software",
+    "https://docs.oracle.com/javase/8/docs/technotes/guides/rmi/rmi_security_recommendations.html",
+    "http://cwe.mitre.org/data/definitions/306.html",
+    "http://cwe.mitre.org/data/definitions/502.html"
+  ],
+  "Resolution": "There is currently no available update to EAP Controller to fully address the vulnerability. However, affected users may take the following actions to help mitigate and reduce risk. As described in VU#576313, updating the vulnerable libraries does not necessarily eliminate the vulnerability in all scenarios.",
+  "Revision": 97,
+  "SystemsAffectedPreamble": "",
+  "ThanksAndCredit": "Thanks to Liu Zhu, of Huawei Weiran Lab for reporting this vulnerability.",
+  "Title": "TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks",
+  "US-CERTTechnicalAlert": "",
+  "VRDA_D1_DirectReport": "0",
+  "VRDA_D1_Impact": "",
+  "VRDA_D1_Population": "",
+  "VulnerabilityCount": 1,
+  "Workarounds": "Update Apache commons-collections Affected users should update the system Apache commons-collections library to at least version 3.2.2 or 4.1. For details, please see VU#576313. Update the JRE version of EAP Affected users should also update the Java Runtime Environment (JRE) used by EAP to the latest available version. Recent versions of JRE have improved deserialization protection features."
+}