CVE-2018-18960 - OpenCVE

An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Epson	Epson Workforce Wf-2861 Epson Workforce Wf-2861 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:epson:epson_workforce_wf-2861_firmware:10.48_lq22i3:::::::*
	cpe:2.3:o:epson:epson_workforce_wf-2861_firmware:10.51.lq20i6:::::::*
	cpe:2.3:o:epson:epson_workforce_wf-2861_firmware:10.52.lq17ia:::::::*

cpe:2.3:h:epson:epson_workforce_wf-2861:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/epistemophilia/CVEs/blob/master/Epson-WorkForce-WF2861/CVE-2018-18960/poc-cve-2018-18960.py

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-12-24T17:00:00

Updated: 2024-08-05T11:23:08.484Z

Reserved: 2018-11-05T00:00:00

Link: CVE-2018-18960

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-12-24T17:29:00.347

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-18960

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-11-29T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-24T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/epistemophilia/CVEs/blob/master/Epson-WorkForce-WF2861/CVE-2018-18960/poc-cve-2018-18960.py"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18960", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/epistemophilia/CVEs/blob/master/Epson-WorkForce-WF2861/CVE-2018-18960/poc-cve-2018-18960.py", "refsource": "MISC", "url": "https://github.com/epistemophilia/CVEs/blob/master/Epson-WorkForce-WF2861/CVE-2018-18960/poc-cve-2018-18960.py"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:23:08.484Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/epistemophilia/CVEs/blob/master/Epson-WorkForce-WF2861/CVE-2018-18960/poc-cve-2018-18960.py"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18960", "datePublished": "2018-12-24T17:00:00", "dateReserved": "2018-11-05T00:00:00", "dateUpdated": "2024-08-05T11:23:08.484Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:epson:epson_workforce_wf-2861_firmware:10.48_lq22i3:*:*:*:*:*:*:*", "matchCriteriaId": "4632EEE5-3459-4503-ADAB-9AA3E18C9B53", "vulnerable": true}, {"criteria": "cpe:2.3:o:epson:epson_workforce_wf-2861_firmware:10.51.lq20i6:*:*:*:*:*:*:*", "matchCriteriaId": "4B04ED1A-63D4-4E8F-BA06-6D86D88E538D", "vulnerable": true}, {"criteria": "cpe:2.3:o:epson:epson_workforce_wf-2861_firmware:10.52.lq17ia:*:*:*:*:*:*:*", "matchCriteriaId": "BBF6BA43-888F-484A-B953-0D3C043CEDD1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:epson:epson_workforce_wf-2861:-:*:*:*:*:*:*:*", "matchCriteriaId": "9956990F-90B0-4AC9-AEBE-8959583E7ED3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing an amplification attack."}, {"lang": "es", "value": "Se ha descubierto un problema en dispositivos Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 y 10.52.LQ17IA. Emplean SNMP para encontrar ciertos dispositivos en la red, pero la versi\u00f3n por defecto es v2c, lo que permite un ataque de amplificaci\u00f3n."}], "id": "CVE-2018-18960", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-24T17:29:00.347", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/epistemophilia/CVEs/blob/master/Epson-WorkForce-WF2861/CVE-2018-18960/poc-cve-2018-18960.py"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}