6.5

CVE-2018-5467

EPSS 0.05%
Veröffentlicht 06.03.2018 21:29:00
Zuletzt bearbeitet 21.11.2024 04:08:51
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Belden ≫ Hirschmann Rs20-0900mmm2tdau Version-

Belden ≫ Hirschmann Rs20-0900nnm4tdau Version-

Belden ≫ Hirschmann Rs20-0900vvm2tdau Version-

Belden ≫ Hirschmann Rs20-1600l2l2sdau Version-

Belden ≫ Hirschmann Rs20-1600l2m2sdau Version-

Belden ≫ Hirschmann Rs20-1600l2s2sdau Version-

Belden ≫ Hirschmann Rs20-1600l2t1sdau Version-

Belden ≫ Hirschmann Rs20-1600m2m2sdau Version-

Belden ≫ Hirschmann Rs20-1600m2t1sdau Version-

Belden ≫ Hirschmann Rs20-1600s2m2sdau Version-

Belden ≫ Hirschmann Rs20-1600s2s2sdau Version-

Belden ≫ Hirschmann Rs20-1600s2t1sdau Version-

Belden ≫ Hirschmann Rsr20 Version-

Belden ≫ Hirschmann Rsr30 Version-

Belden ≫ Hirschmann Rsb20-0800m2m2saab Version-

Belden ≫ Hirschmann Rsb20-0800m2m2saabe Version-

Belden ≫ Hirschmann Rsb20-0800m2m2taab Version-

Belden ≫ Hirschmann Rsb20-0800m2m2taabe Version-

Belden ≫ Hirschmann Rsb20-0800s2s2saab Version-

Belden ≫ Hirschmann Rsb20-0800s2s2saabe Version-

Belden ≫ Hirschmann Rsb20-0800s2s2taab Version-

Belden ≫ Hirschmann Rsb20-0800s2s2taabe Version-

Belden ≫ Hirschmann Rsb20-0800t1t1saab Version-

Belden ≫ Hirschmann Rsb20-0800t1t1saabe Version-

Belden ≫ Hirschmann Rsb20-0800t1t1taab Version-

Belden ≫ Hirschmann Rsb20-0800t1t1taabe Version-

Belden ≫ Hirschmann Rsb20-0900m2ttsaab Version-

Belden ≫ Hirschmann Rsb20-0900m2ttsaabe Version-

Belden ≫ Hirschmann Rsb20-0900m2tttaab Version-

Belden ≫ Hirschmann Rsb20-0900m2tttaabe Version-

Belden ≫ Hirschmann Rsb20-0900mmm2saab Version-

Belden ≫ Hirschmann Rsb20-0900mmm2saabe Version-

Belden ≫ Hirschmann Rsb20-0900mmm2taab Version-

Belden ≫ Hirschmann Rsb20-0900mmm2taabe Version-

Belden ≫ Hirschmann Rsb20-0900s2ttsaab Version-

Belden ≫ Hirschmann Rsb20-0900s2ttsaabe Version-

Belden ≫ Hirschmann Rsb20-0900s2tttaab Version-

Belden ≫ Hirschmann Rsb20-0900s2tttaabe Version-

Belden ≫ Hirschmann Rsb20-0900vvm2saab Version-

Belden ≫ Hirschmann Rsb20-0900vvm2saabe Version-

Belden ≫ Hirschmann Rsb20-0900vvm2taab Version-

Belden ≫ Hirschmann Rsb20-0900vvm2taabe Version-

Belden ≫ Hirschmann Rsb20-0900zzz6saab Version-

Belden ≫ Hirschmann Rsb20-0900zzz6saabe Version-

Belden ≫ Hirschmann Rsb20-0900zzz6taab Version-

Belden ≫ Hirschmann Rsb20-0900zzz6taabe Version-

Belden ≫ Hirschmann M1-8mm-sc Version-

Belden ≫ Hirschmann M1-8sfp Version-

Belden ≫ Hirschmann M1-8sm-sc Version-

Belden ≫ Hirschmann M1-8tp-rj45 Version-

Belden ≫ Hirschmann Mach102-24tp-f Version-

Belden ≫ Hirschmann Mach102-24tp-fr Version-

Belden ≫ Hirschmann Mach102-8tp Version-

Belden ≫ Hirschmann Mach102-8tp-f Version-

Belden ≫ Hirschmann Mach102-8tp-fr Version-

Belden ≫ Hirschmann Mach102-8tp-r Version-

Belden ≫ Hirschmann Mach104-16tx-poep Version-

Belden ≫ Hirschmann Mach104-16tx-poep-l3p Version-

Belden ≫ Hirschmann Mach104-16tx-poep +2x Version-

Belden ≫ Hirschmann Mach104-16tx-poep +2x-l3p Version-

Belden ≫ Hirschmann Mach104-16tx-poep +2x -e Version-

Belden ≫ Hirschmann Mach104-16tx-poep +2x -e-l3p Version-

Belden ≫ Hirschmann Mach104-16tx-poep +2x -r Version-

Belden ≫ Hirschmann Mach104-16tx-poep +2x -r-l3p Version-

Belden ≫ Hirschmann Mach104-16tx-poep -e Version-

Belden ≫ Hirschmann Mach104-16tx-poep -e-l3p Version-

Belden ≫ Hirschmann Mach104-16tx-poep -r Version-

Belden ≫ Hirschmann Mach104-16tx-poep -r-l3p Version-

Belden ≫ Hirschmann Mach104-20tx-f Version-

Belden ≫ Hirschmann Mach104-20tx-f-4poe Version-

Belden ≫ Hirschmann Mach104-20tx-f-l3p Version-

Belden ≫ Hirschmann Mach104-20tx-fr Version-

Belden ≫ Hirschmann Mach104-20tx-fr-l3p Version-

Belden ≫ Hirschmann Mach4002-24g+3x-l2p Version-

Belden ≫ Hirschmann Mach4002-24g+3x-l3e Version-

Belden ≫ Hirschmann Mach4002-24g+3x-l3p Version-

Belden ≫ Hirschmann Mach4002-24g-l2p Version-

Belden ≫ Hirschmann Mach4002-24g-l3e Version-

Belden ≫ Hirschmann Mach4002-24g-l3p Version-

Belden ≫ Hirschmann Mach4002-48g+3x-l2p Version-

Belden ≫ Hirschmann Mach4002-48g+3x-l3e Version-

Belden ≫ Hirschmann Mach4002-48g+3x-l3p Version-

Belden ≫ Hirschmann Mach4002-48g-l2p Version-

Belden ≫ Hirschmann Mach4002-48g-l3e Version-

Belden ≫ Hirschmann Mach4002-48g-l3p Version-

Belden ≫ Hirschmann Ms20-0800eccp Version-

Belden ≫ Hirschmann Ms20-0800saae Version-

Belden ≫ Hirschmann Ms20-0800saap Version-

Belden ≫ Hirschmann Ms20-1600eccp Version-

Belden ≫ Hirschmann Ms20-1600saae Version-

Belden ≫ Hirschmann Ms20-1600saap Version-

Belden ≫ Hirschmann Ms30-0802saae Version-

Belden ≫ Hirschmann Ms30-0802saap Version-

Belden ≫ Hirschmann Ms30-1602saae Version-

Belden ≫ Hirschmann Octopus 16m Version-

Belden ≫ Hirschmann Octopus 16m-8poe Version-

Belden ≫ Hirschmann Octopus 16m-train Version-

Belden ≫ Hirschmann Octopus 16m-train-bp Version-

Belden ≫ Hirschmann Octopus 24m Version-

Belden ≫ Hirschmann Octopus 24m-8 Poe Version-

Belden ≫ Hirschmann Octopus 24m-train Version-

Belden ≫ Hirschmann Octopus 24m-train-bp Version-

Belden ≫ Hirschmann Octopus 5tx Eec Version-

Belden ≫ Hirschmann Octopus 8m Version-

Belden ≫ Hirschmann Octopus 8m-6poe Version-

Belden ≫ Hirschmann Octopus 8m-8poe Version-

Belden ≫ Hirschmann Octopus 8m-train Version-

Belden ≫ Hirschmann Octopus 8m-train-bp Version-

Belden ≫ Hirschmann Octopus 8tx-eec Version-

Belden ≫ Hirschmann Octopus 8tx Poe-eec Version-

Belden ≫ Hirschmann Octopus Os20-000900t5t5tafbhh Version-

Belden ≫ Hirschmann Octopus Os20-000900t5t5tnebhh Version-

Belden ≫ Hirschmann Octopus Os20-0010001m1mtrephh Version-

Belden ≫ Hirschmann Octopus Os20-0010001s1strephh Version-

Belden ≫ Hirschmann Octopus Os20-0010004m4mtrephh Version-

Belden ≫ Hirschmann Octopus Os20-0010004s4strephh Version-

Belden ≫ Hirschmann Octopus Os20-001000t5t5tafuhb Version-

Belden ≫ Hirschmann Octopus Os20-001000t5t5tneuhb Version-

Belden ≫ Hirschmann Octopus Os24-080900t5t5tffbhh Version-

Belden ≫ Hirschmann Octopus Os24-080900t5t5tnebhh Version-

Belden ≫ Hirschmann Octopus Os24-081000t5t5tffuhb Version-

Belden ≫ Hirschmann Octopus Os24-081000t5t5tneuhb Version-

Belden ≫ Hirschmann Octopus Os30 Version-

Belden ≫ Hirschmann Octopus Os30-0008021a1atrephh Version-

Belden ≫ Hirschmann Octopus Os30-0008021b1btrephh Version-

Belden ≫ Hirschmann Octopus Os30-0008024a4atrephh Version-

Belden ≫ Hirschmann Octopus Os30-0008024b4btrephh Version-

Belden ≫ Hirschmann Octopus Os32-080802o6o6tpephh Version-

Belden ≫ Hirschmann Octopus Os32-080802t6t6tpephh Version-

Belden ≫ Hirschmann Octopus Os32-081602o6o6tpephh Version-

Belden ≫ Hirschmann Octopus Os32-081602t6t6tpephh Version-

Belden ≫ Hirschmann Octopus Os34 Version-

Belden ≫ Hirschmann Octopus Os3x-xx16xxx Version-

Belden ≫ Hirschmann Octopus Os3x-xx24xxx Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.106

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-598 Use of GET Request Method With Sensitive Query Strings

The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.

http://www.securityfocus.com/bid/103340

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2018-5467

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-5467

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-5467

EUVD