CVE-2018-20393 : Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0

Technicolor CGA0111 CGA0111E-ES-13-E23E-c8000r5712-170217-0829-TRU, CWA0101 CWA0101E-A23E-c7000r5712-170315-SKC, DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-170214a, TC7110.AR STD3.38.03, TC7110.B STC8.62.02, TC7110.D STDB.79.02, TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT, and TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.

Published 2018-12-23 21:29:01

Updated 2020-08-24 17:37:01

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2018-20393

Technicolor » Dpc3928sl Firmware » Version: D3928sl-psip-13-a010-c3420r55105-170214a
cpe:2.3:o:technicolor:dpc3928sl_firmware:d3928sl-psip-13-a010-c3420r55105-170214a:*:*:*:*:*:*:*
Matching versions
When used together with: Technicolor » Dpc3928sl » Version: 1.0
Technicolor » Tc7110.ar Firmware » Version: Std3.38.03
cpe:2.3:o:technicolor:tc7110.ar_firmware:std3.38.03:*:*:*:*:*:*:*
Matching versions
When used together with: Technicolor » Tc7110.ar » Version: 1.0
Technicolor » Tc7110.b Firmware » Version: Stc8.62.02
cpe:2.3:o:technicolor:tc7110.b_firmware:stc8.62.02:*:*:*:*:*:*:*
Matching versions
When used together with: Technicolor » Tc7110.b » Version: 2.0
Technicolor » Tc7200.d1i Firmware » Version: Tc7200.d1ie-n23e-c7000r5712-170406-hat
cpe:2.3:o:technicolor:tc7200.d1i_firmware:tc7200.d1ie-n23e-c7000r5712-170406-hat:*:*:*:*:*:*:*
Matching versions
When used together with: Technicolor » Tc7200.d1i » Version: 1.0
Technicolor » Cga0111 Firmware » Version: Cga0111e-es-13-e23e-c8000r5712-170217-0829-tru
cpe:2.3:o:technicolor:cga0111_firmware:cga0111e-es-13-e23e-c8000r5712-170217-0829-tru:*:*:*:*:*:*:*
Matching versions
When used together with: Technicolor » Cga0111 » Version: 1.0
Technicolor » Cga0101 Firmware » Version: Cwa0101e-a23e-c7000r5712-170315-skc
cpe:2.3:o:technicolor:cga0101_firmware:cwa0101e-a23e-c7000r5712-170315-skc:*:*:*:*:*:*:*
Matching versions
When used together with: Technicolor » Cga0101 » Version: 1.0
Technicolor » Tc7110.d Firmware » Version: Stdb.79.02
cpe:2.3:o:technicolor:tc7110.d_firmware:stdb.79.02:*:*:*:*:*:*:*
Matching versions
When used together with: Technicolor » Tc7110.d » Version: 1.0
Technicolor » Tc7200.th2v2.d1i Firmware » Version: Sc05.00.22
cpe:2.3:o:technicolor:tc7200.th2v2.d1i_firmware:sc05.00.22:*:*:*:*:*:*:*
Matching versions
When used together with: Technicolor » Tc7200.th2v2.d1i » Version: 01.00

Exploit prediction scoring system (EPSS) score for CVE-2018-20393

EPSS FAQ

0.63%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 68 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-20393

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2018-20393

https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv

sensitivesOids/oidpassswordleaks.csv at master · ezelf/sensitivesOids · GitHub
Third Party Advisory

CVEs referencing this url
https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html

Capitan Alfa: [stringbleed] y ahora que ? ...Passwords Leaks ( CVE-2018-203580 a CVE-2018-20401)
Exploit;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2018-20393

Products affected by CVE-2018-20393

Exploit prediction scoring system (EPSS) score for CVE-2018-20393

CVSS scores for CVE-2018-20393

References for CVE-2018-20393