
JVNDB-2018-009127

Multiple vulnerabilities in LogonTracer

Overview

LogonTracer, provided by JPCERT Coordination Center, is a tool for investigating malicious Windows logons by visualizing and analyzing Windows event logs. LogonTracer contains the multiple vulnerabilities listed below.

* Cross-site Scripting (CWE-79) - CVE-2018-16165
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
CVSS v2 AV:N/AC:M/Au:N/C:N/I:P/A:N Base Score: 4.3
* XXE (XML External Entity) Injection (CWE-611) - CVE-2018-16166
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L Base Score: 6.1
CVSS v2 AV:N/AC:L/Au:N/C:P/I:N/A:N Base Score: 5.0
* OS Command Injection (CWE-78) - CVE-2018-16167
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Base Score: 10.0
CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P Base Score: 7.5
* Code Injection (CWE-94) - CVE-2018-16168
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Base Score: 10.0
CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P Base Score: 7.5

Shoji Baba of Kobe Digital Labo, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC fixed them and released an updated version of the software.

CVSS Severity

CVSS V3 Severity:
Base Metrics 10.0 (Critical) [NVD Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 7.5 (High) [NVD Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2018-16167


CVSS V3 Severity:
Base Metrics 10.0 (Critical) [JPCERT/CC Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 7.5 (High) [JPCERT/CC Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2018-16168


CVSS V3 Severity:
Base Metrics 6.1 (Medium) [JPCERT/CC Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: Low
CVSS V2 Severity:
Base Metrics 5.0 (Medium) [JPCERT/CC Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2018-16166


CVSS V3 Severity:
Base Metrics 6.1 (Medium) [JPCERT/CC Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 4.3 (Medium) [JPCERT/CC Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2018-16165

Affected Products

JPCERT Coordination Center
  • LogonTracer 1.2.0 and earlier

Impact

* An arbitrary script may be executed on the user's web browser - CVE-2018-16165
* An attacker may obtain an arbitrary file on the server where the affected product is installed - CVE-2018-16166
* An attacker may execute an arbitrary OS command on the server where the affected product is installed - CVE-2018-16167
* An attacker may execute arbitrary Python code on the server where the affected product is installed - CVE-2018-16168

Solution

[Update the software]
Update the software to the latest version according to the information provided by the developer.

Vendor Information

JPCERT Coordination Center

CWE

  1. Improper Restriction of XML External Entity Reference (CWE-611) [NVD Evaluation]
  2. OS Command Injection (CWE-78) [NVD Evaluation]
  3. Cross-site Scripting (CWE-79) [NVD Evaluation]
  4. Code Injection (CWE-94) [NVD Evaluation]

CVE

  1. CVE-2018-16165
  2. CVE-2018-16166
  3. CVE-2018-16168
  4. CVE-2018-16167

References

  1. JVN : JVNVU#98026636
  2. National Vulnerability Database (NVD) : CVE-2018-16165
  3. National Vulnerability Database (NVD) : CVE-2018-16166
  4. National Vulnerability Database (NVD) : CVE-2018-16167
  5. National Vulnerability Database (NVD) : CVE-2018-16168

Revision History

  • [2024/08/21]
      Web page was published