CVE-2018-20385
Last modified
CVE-2018-20385 is a vulnerability of currently unknown severity. CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553mp1.39219mp1.899.005ITT, CBW383G4J 37.556mp5.008, and CBW38G4J 37.553mp1.008 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.. EPSS estimates a 1.51% chance of exploitation in the next 30 days.
Description
CastleNet CBV38Z4EC 125.553mp1.39219mp1.899.007, CBV38Z4ECNIT 125.553mp1.39219mp1.899.005ITT, CBW383G4J 37.556mp5.008, and CBW38G4J 37.553mp1.008 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Castlenet | Cbv38z4ec Firmware | 25.553mp1.39219mp1.899.007 |
| Castlenet | Cbv38z4ecnit Firmware | 125.553mp1.39219mp1.899.005itt |
| Castlenet | Cbw383g4j Firmware | 37.556mp5.008 |
| Castlenet | Cbw38g4j Firmware | 37.553mp1.008 |
References
- https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csvThird Party Advisory
- https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.htmlExploit, Third Party Advisory
- https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csvThird Party Advisory
- https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.htmlExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-20385?
How severe is CVE-2018-20385?
How do I fix CVE-2018-20385?
Are you affected by CVE-2018-20385?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST