CVE-2018-7100 - OpenCVE

A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could allow local disclosure of sensitive information.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Officeconnect 1810-24g Switch Officeconnect 1810-24g Switch Firmware Officeconnect 1810-48g Switch Officeconnect 1810-48g Switch Firmware Officeconnect 1810-8 V2 Switch Officeconnect 1810-8 V2 Switch Firmware

Configuration 1 [-]

AND

cpe:2.3:o:hp:officeconnect_1810-24g_switch_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:officeconnect_1810-24g_switch:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hp:officeconnect_1810-48g_switch_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:officeconnect_1810-48g_switch:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hp:officeconnect_1810-8_v2_switch_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hp:officeconnect_1810-8_v2_switch:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securitytracker.com/id/1041445
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03858en_us

History

No history.

MITRE

Status: PUBLISHED

Assigner: hpe

Published: 2018-08-14T14:00:00

Updated: 2024-08-05T06:17:17.460Z

Reserved: 2018-02-15T00:00:00

Link: CVE-2018-7100

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-08-14T14:29:01.463

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-7100

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "HP 1810-24G, HP 1810-48G, HP 1810-8 v2 Switches", "vendor": "Hewlett Packard Enterprise", "versions": [{"status": "affected", "version": "HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions"}]}], "datePublic": "2018-08-10T00:00:00", "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could allow local disclosure of sensitive information."}], "problemTypes": [{"descriptions": [{"description": "local disclosure of sensitive information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-15T09:57:01", "orgId": "eb103674-0d28-4225-80f8-39fb86215de0", "shortName": "hpe"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03858en_us"}, {"name": "1041445", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041445"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@hpe.com", "ID": "CVE-2018-7100", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HP 1810-24G, HP 1810-48G, HP 1810-8 v2 Switches", "version": {"version_data": [{"version_value": "HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions"}]}}]}, "vendor_name": "Hewlett Packard Enterprise"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could allow local disclosure of sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "local disclosure of sensitive information"}]}]}, "references": {"reference_data": [{"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03858en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03858en_us"}, {"name": "1041445", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041445"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:17:17.460Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03858en_us"}, {"name": "1041445", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041445"}]}]}, "cveMetadata": {"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0", "assignerShortName": "hpe", "cveId": "CVE-2018-7100", "datePublished": "2018-08-14T14:00:00", "dateReserved": "2018-02-15T00:00:00", "dateUpdated": "2024-08-05T06:17:17.460Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:officeconnect_1810-24g_switch_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CB3FC75-9469-42E6-9A5F-56B8912E86A5", "versionEndIncluding": "p.2.22", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:officeconnect_1810-24g_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "24E64365-99A2-4434-B26F-69A643D5624D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:officeconnect_1810-48g_switch_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "145B9BAA-4481-4D1E-9F89-810585495830", "versionEndIncluding": "pk.1.34", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:officeconnect_1810-48g_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "2577CCA9-309D-4864-BDC3-B25AEF6A14C2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:officeconnect_1810-8_v2_switch_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E1C3F88-6A50-44A3-B956-FB06D660555E", "versionEndIncluding": "p.2.22", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hp:officeconnect_1810-8_v2_switch:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94FF4C9-B659-404A-AE88-CE0D8CE952DD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could allow local disclosure of sensitive information."}, {"lang": "es", "value": "Se ha identificado una potencial vulnerabilidad de seguridad en HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 y versiones anteriores, HP 1810-48G PK.1.34 y versiones anteriores y HP 1810-8 v2 P.2.22 y versiones anteriores). La vulnerabilidad podr\u00eda permitir la divulgaci\u00f3n local de informaci\u00f3n sensible."}], "id": "CVE-2018-7100", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-14T14:29:01.463", "references": [{"source": "security-alert@hpe.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041445"}, {"source": "security-alert@hpe.com", "tags": ["Vendor Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03858en_us"}], "sourceIdentifier": "security-alert@hpe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}