René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

{
"id": "CVE-2018-7296",
"sourceIdentifier": "cve@mitre.org",
"published": "2018-02-22T19:29:04.530",
"lastModified": "2019-10-03T00:03:26.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal / Arbitrary File Read in User.getLanguage method in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows remote attackers to read the first line of an arbitrary file on the CCU2's filesystem. This vulnerability can be exploited by unauthenticated attackers with access to the web interface."
},
{
"lang": "es",
"value": "Salto de directorio/lectura de archivos arbitrarios en el m\u00e9todo User.getLanguage en eQ-3 AG Homematic CCU2, en versiones 2.29.2 y anteriores, permite que atacantes remotos lean la primera l\u00ednea de un archivo arbitrario en el sistema de archivos de CCU2. Esta vulnerabilidad podr\u00eda ser explotada por atacantes no autenticados con acceso a la interfaz web."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:eq-3:homematic_central_control_unit_ccu2_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.29.22",
"matchCriteriaId": "65FE646C-A557-4FB1-8C74-655BF6820784"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:eq-3:homematic_central_control_unit_ccu2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "250E0A8B-A3F3-4A65-9C9D-8327EB1D99E5"
}
]
}
]
}
],
"references": [
{
"url": "http://atomic111.github.io/article/homematic-ccu2-fileread",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}