CVE-2018-5469 — CRITICAL (9.8)

Vulnerability Description

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An improper restriction of excessive authentication vulnerability in the web interface has been identified, which may allow an attacker to brute force authentication.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Belden	Hirschmann Rs20-0900Mmm2Tdau	-
Belden	Hirschmann Rs20-0900Nnm4Tdau	-
Belden	Hirschmann Rs20-0900Vvm2Tdau	-
Belden	Hirschmann Rs20-1600L2L2Sdau	-
Belden	Hirschmann Rs20-1600L2M2Sdau	-
Belden	Hirschmann Rs20-1600L2S2Sdau	-
Belden	Hirschmann Rs20-1600L2T1Sdau	-
Belden	Hirschmann Rs20-1600M2M2Sdau	-
Belden	Hirschmann Rs20-1600M2T1Sdau	-
Belden	Hirschmann Rs20-1600S2M2Sdau	-
Belden	Hirschmann Rs20-1600S2S2Sdau	-
Belden	Hirschmann Rs20-1600S2T1Sdau	-
Belden	Hirschmann Rsr20	-
Belden	Hirschmann Rsr30	-
Belden	Hirschmann Rsb20-0800M2M2Saab	-
Belden	Hirschmann Rsb20-0800M2M2Saabe	-
Belden	Hirschmann Rsb20-0800M2M2Taab	-
Belden	Hirschmann Rsb20-0800M2M2Taabe	-
Belden	Hirschmann Rsb20-0800S2S2Saab	-
Belden	Hirschmann Rsb20-0800S2S2Saabe	-

Related Weaknesses (CWE)

CWE-307

References

http://www.securityfocus.com/bid/103340Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01MitigationThird Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/103340Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01MitigationThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2018-5469?

CVE-2018-5469 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An Improper Restriction of Excessive Authentication Attempts issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An improper...

How severe is CVE-2018-5469?

CVE-2018-5469 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-5469?

Check the references section above for vendor advisories and patch information. Affected products include: Belden Hirschmann Rs20-0900Mmm2Tdau, Belden Hirschmann Rs20-0900Nnm4Tdau, Belden Hirschmann Rs20-0900Vvm2Tdau, Belden Hirschmann Rs20-1600L2L2Sdau, Belden Hirschmann Rs20-1600L2M2Sdau.