[Japanese]
|
JVNDB-2018-009127
|
Multiple vulnerabilities in LogonTracer
|
LogonTracer provided by JPCERT Coordination Center is a tool to investigate malicious Windows logon by visualizing and analyzing Windows event log. LogonTracer contains multiple vulnerabilities listed below.
* Cross-site Scripting (CWE-79) - CVE-2018-16165
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
CVSS v2 AV:N/AC:M/Au:N/C:N/I:P/A:N Base Score: 4.3
* XXE (XML External Entity) Injection (CWE-611) - CVE-2018-16166
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L Base Score: 6.1
CVSS v2 AV:N/AC:L/Au:N/C:P/I:N/A:N Base Score: 5.0
* OS Command Injection (CWE-78) - CVE-2018-16167
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Base Score: 10.0
CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P Base Score: 7.5
* Code Injection (CWE-94) - CVE-2018-16168
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Base Score: 10.0
CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P Base Score: 7.5
Shoji Baba of Kobe Digital Labo, Inc. reported these vulnerabilities to JPCERT/CC, and JPCERT/CC fixed those vulnerabilities and released the updated version of software.
|
CVSS V3 Severity: Base Metrics 10.0 (Critical) [NVD Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
CVSS V2 Severity: Base Metrics 7.5 (High) [NVD Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2018-16167
|
CVSS V3 Severity:
Base Metrics
10.0 (Critical) [JPCERT/CC Score]
-
Attack Vector: Network
-
Attack Complexity: Low
-
Privileges Required: None
-
User Interaction: None
-
Scope: Changed
-
Confidentiality Impact: High
-
Integrity Impact: High
-
Availability Impact: High
CVSS V2 Severity:Base Metrics
7.5 (High)
[JPCERT/CC Score]
-
Access Vector: Network
-
Access Complexity: Low
-
Authentication: None
-
Confidentiality Impact: Partial
-
Integrity Impact: Partial
-
Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2018-16168
|
CVSS V3 Severity:
Base Metrics
6.1 (Medium) [JPCERT/CC Score]
-
Attack Vector: Network
-
Attack Complexity: Low
-
Privileges Required: None
-
User Interaction: Required
-
Scope: Changed
-
Confidentiality Impact: Low
-
Integrity Impact: None
-
Availability Impact: Low
CVSS V2 Severity:Base Metrics
5.0 (Medium)
[JPCERT/CC Score]
-
Access Vector: Network
-
Access Complexity: Low
-
Authentication: None
-
Confidentiality Impact: Partial
-
Integrity Impact: None
-
Availability Impact: None
The above CVSS base scores have been assigned for CVE-2018-16166
|
CVSS V3 Severity:
Base Metrics
6.1 (Medium) [JPCERT/CC Score]
-
Attack Vector: Network
-
Attack Complexity: Low
-
Privileges Required: None
-
User Interaction: Required
-
Scope: Changed
-
Confidentiality Impact: Low
-
Integrity Impact: Low
-
Availability Impact: None
CVSS V2 Severity:Base Metrics
4.3 (Medium)
[JPCERT/CC Score]
-
Access Vector: Network
-
Access Complexity: Medium
-
Authentication: None
-
Confidentiality Impact: None
-
Integrity Impact: Partial
-
Availability Impact: None
The above CVSS base scores have been assigned for CVE-2018-16165
|
|
JPCERT Coordination Center
- LogonTracer 1.2.0 and earlier
|
|
* An arbitrary script may be executed on the user's web browser - CVE-2018-16165
* An attacker may obtain an arbitrary file on the server where the affected product is installed - CVE-2018-16166
* An attacker may execute an arbitrary OS command on the server where the affected product is installed - CVE-2018-16167
* An attacker may execute arbitrary Python code on the server where the affected product is installed - CVE-2018-16168
|
[Update the software]
Update the software to the latest version according to the information provided by the developer.
|
JPCERT Coordination Center
|
- Improper Restriction of XML External Entity Reference(CWE-611) [NVD Evaluation]
- OS Command Injection(CWE-78) [NVD Evaluation]
- Cross-site Scripting(CWE-79) [NVD Evaluation]
- Code Injection(CWE-94) [NVD Evaluation]
|
- CVE-2018-16165
- CVE-2018-16166
- CVE-2018-16168
- CVE-2018-16167
|
- JVN : JVNVU#98026636
- National Vulnerability Database (NVD) : CVE-2018-16165
- National Vulnerability Database (NVD) : CVE-2018-16166
- National Vulnerability Database (NVD) : CVE-2018-16167
- National Vulnerability Database (NVD) : CVE-2018-16168
|
- [2024/08/21]
Web page was published
|