CVE-2018-11518 - OpenCVE

Vendors	Products
Hcltech	Legacy Ivr Legacy Ivr Firmware

Link	Providers
http://virgil-cj.blogspot.com/2018/05/0day-legacy-ivr-lets-phreak.html
https://datarift.blogspot.com/2018/05/CVE-2018-11518-abusing-ivr-systems.html
https://twitter.com/mishradhiraj_/status/1001664204485652482
https://twitter.com/mishradhiraj_/status/1001664440759091207

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-05-30T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-30T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://twitter.com/mishradhiraj_/status/1001664440759091207"}, {"tags": ["x_refsource_MISC"], "url": "https://datarift.blogspot.com/2018/05/CVE-2018-11518-abusing-ivr-systems.html"}, {"tags": ["x_refsource_MISC"], "url": "http://virgil-cj.blogspot.com/2018/05/0day-legacy-ivr-lets-phreak.html"}, {"tags": ["x_refsource_MISC"], "url": "https://twitter.com/mishradhiraj_/status/1001664204485652482"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-11518", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://twitter.com/mishradhiraj_/status/1001664440759091207", "refsource": "MISC", "url": "https://twitter.com/mishradhiraj_/status/1001664440759091207"}, {"name": "https://datarift.blogspot.com/2018/05/CVE-2018-11518-abusing-ivr-systems.html", "refsource": "MISC", "url": "https://datarift.blogspot.com/2018/05/CVE-2018-11518-abusing-ivr-systems.html"}, {"name": "http://virgil-cj.blogspot.com/2018/05/0day-legacy-ivr-lets-phreak.html", "refsource": "MISC", "url": "http://virgil-cj.blogspot.com/2018/05/0day-legacy-ivr-lets-phreak.html"}, {"name": "https://twitter.com/mishradhiraj_/status/1001664204485652482", "refsource": "MISC", "url": "https://twitter.com/mishradhiraj_/status/1001664204485652482"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T08:10:14.610Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://twitter.com/mishradhiraj_/status/1001664440759091207"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://datarift.blogspot.com/2018/05/CVE-2018-11518-abusing-ivr-systems.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://virgil-cj.blogspot.com/2018/05/0day-legacy-ivr-lets-phreak.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://twitter.com/mishradhiraj_/status/1001664204485652482"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-11518", "datePublished": "2018-05-30T20:00:00", "dateReserved": "2018-05-28T00:00:00", "dateUpdated": "2024-08-05T08:10:14.610Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:hcltech:legacy_ivr:-:*:*:*:*:*:*:*", "matchCriteriaId": "5226101C-AEB5-4660-A9B6-C0F6EB6FA717", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:hcltech:legacy_ivr_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D9B9B1F8-7095-48BD-BAE3-E471BABBA1FA", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece)."}, {"lang": "es", "value": "Una vulnerabilidad permite un ataque de phreaking en los sistemas IVR heredados de HCL que no emplean VoIP. Estos sistemas IVR dependen de varias frecuencias de se\u00f1ales de audio; se procesan ciertos comandos y funciones en base a dichas frecuencias. Ya que estas frecuentas se aceptan en una llamada telef\u00f3nica, un atacante puede grabar estas frecuencias y emplearlas para realizar activaciones de servicios. Este es un problema de Request-Forgery cuando la serie de se\u00f1ales DTMF requerida para activar un servicio es predecible (por ejemplo, el sistema IVR no comunica un nonce al llamante). En este caso, el sistema IVR acepta una petici\u00f3n de activaci\u00f3n de un canal menos seguro (cualquier altavoz en el entorno f\u00edsico del llamante) sin verificar que la petici\u00f3n sea intencional (coincide con un nonce que se ha enviado por medio de un canal m\u00e1s seguro al auricular del llamante)."}], "id": "CVE-2018-11518", "lastModified": "2018-07-20T16:10:52.640", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-30T20:29:00.250", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://virgil-cj.blogspot.com/2018/05/0day-legacy-ivr-lets-phreak.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://datarift.blogspot.com/2018/05/CVE-2018-11518-abusing-ivr-systems.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://twitter.com/mishradhiraj_/status/1001664204485652482"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://twitter.com/mishradhiraj_/status/1001664440759091207"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object