{
"id": "CVE-2018-15486",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-09-07T22:29:01.493",
"lastModified": "2019-10-03T00:03:26.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the name parameter of the file endpoint, aka KONE-02."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en versiones anteriores a la 4.6.5 de los productos KONE Group Controller (KGC). Es posible la inclusi\u00f3n y modificaci\u00f3n de archivos locales sin autenticaci\u00f3n mediante la interfaz HTTP abierta modificando el par\u00e1metro name del endpoint de archivo, lo que tambi\u00e9n se conoce como KONE-02."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 6.4
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-829"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:kone:group_controller_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.6.5",
"matchCriteriaId": "00A0F77B-372B-447C-9349-72EFF4C14209"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:kone:group_controller:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0086FB61-EA13-4EA5-99B8-05FCA5CC1C36"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.kone.com/en/vulnerability.aspx",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}