nvd-json-data-feeds/CVE-2018/CVE-2018-123xx/CVE-2018-12337.json

{
  "id": "CVE-2018-12337",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2018-06-17T16:29:00.770",
  "lastModified": "2018-08-10T15:11:12.080",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de dependencia en seguridad por oscuridad en ECOS Secure Boot Stick (tambi\u00e9n conocido como SBS) 5.6.5 permite que un atacante extraiga parcialmente configuraciones confidenciales mediante la emulaci\u00f3n del espacio de usuario."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "PHYSICAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:ecos:secure_boot_stick_firmware:5.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "77FBED9D-19A7-4688-AEDF-A9CD8E29D67B"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:ecos:secure_boot_stick:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "623AC72F-BF47-4582-968C-A996462A00A0"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html",
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ]
    }
  ]
}