Published: 2018/12/10    Last Updated: 2018/12/10

JVN#23161885
Multiple vulnerabilities in Cybozu Remote Service

Overview

Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities.

Products Affected

CVE-2018-16169
  • Cybozu Remote Service 3.0.0 to 3.1.0

CVE-2018-16170, CVE-2018-16171, CVE-2018-16172
  • Cybozu Remote Service 3.0.0 to 3.1.8

According to the developer, CVE-2018-16170 is confirmed only for Windows.

Description

Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below.

  • Upload of arbitrary files in logo setting screen (CWE-434) - CVE-2018-16169
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8
    CVSS v2 AV:N/AC:L/Au:S/C:P/I:P/A:P Base Score: 6.5
  • Directory traversal in used device management screen (CWE-22) - CVE-2018-16170
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H Base Score: 9.6
    CVSS v2 AV:N/AC:L/Au:S/C:N/I:P/A:P Base Score: 5.5
  • Directory traversal in client certificates registration function (CWE-22) - CVE-2018-16171
    CVSS v3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score: 7.5
    CVSS v2 AV:N/AC:H/Au:N/C:P/I:P/A:P Base Score: 5.1
  • Improper countermeasure against clickjacking attack in client certificates management screen (CWE-451) - CVE-2018-16172
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Base Score: 6.5
    CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6
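The three weakness classes listed above (CWE-434 unrestricted upload, CWE-22 path traversal, CWE-451 missing clickjacking protection) are each closed by a small server-side check. The following is an added example written for this advisory, not Cybozu's code and not derived from the product; the function names, the image allowlist and the temporary directory layout are assumptions chosen to illustrate the checks.

```python
"""Defensive checks for the weakness classes named in the advisory.

Added example: not Cybozu Remote Service code. Names such as
validate_logo_upload, safe_delete and the directory layout in demo()
are assumptions constructed for illustration.
"""
from pathlib import Path
import tempfile

# Constructed allowlist for a logo upload: extension -> leading magic bytes.
LOGO_SIGNATURES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}


def validate_logo_upload(filename: str, data: bytes) -> bool:
    """CWE-434 mitigation for a logo-setting screen.

    Accept only a bare filename (no directory component), a single
    allowlisted image extension, and content whose first bytes match that
    image type. A server-side script dressed up as an image, or an image
    name carrying '../', is refused regardless of the client's label.
    """
    name = Path(filename).name          # strips any "../" or "dir/" prefix
    if name != filename:                # original contained a path component
        return False
    suffixes = Path(name).suffixes
    if len(suffixes) != 1:              # reject "x.jsp.png"-style double extensions
        return False
    suffix = suffixes[0].lower()
    if suffix not in LOGO_SIGNATURES:
        return False
    return data.startswith(LOGO_SIGNATURES[suffix])


class TraversalError(ValueError):
    """Raised when a user-supplied path would leave the permitted directory."""


def resolve_inside(base: Path, user_path: str) -> Path:
    """CWE-22 mitigation: resolve user_path against base and refuse any
    result that is base itself or lies outside it (covers '..', absolute
    paths and symlinks, because both sides are fully resolved)."""
    base = base.resolve()
    target = (base / user_path).resolve()
    if target == base or base not in target.parents:
        raise TraversalError(f"{user_path!r} escapes {base}")
    return target


def safe_delete(base: Path, user_path: str) -> bool:
    """Delete a file inside base (e.g. a device or certificate record).
    Returns True if a file was removed, False if nothing matched; raises
    TraversalError instead of touching anything outside base."""
    target = resolve_inside(base, user_path)
    if target.is_file():
        target.unlink()
        return True
    return False


def anti_clickjacking_headers() -> dict:
    """CWE-451 mitigation: send both the legacy header and the CSP directive
    on the certificate-management page so it cannot be framed."""
    return {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "frame-ancestors 'none'",
    }


def demo() -> dict:
    """Exercise the checks on a constructed layout and return the outcomes."""
    root = Path(tempfile.mkdtemp())
    devices = root / "devices"
    devices.mkdir()
    (devices / "keep.txt").write_text("device record")
    (root / "secret.txt").write_text("outside the device directory")
    outcomes = {}
    for candidate in ("keep.txt", "../secret.txt",
                      "/etc/hostname", "sub/../../secret.txt"):
        try:
            outcomes[candidate] = safe_delete(devices, candidate)
        except TraversalError:
            outcomes[candidate] = "rejected"
    outcomes["secret_survives"] = (root / "secret.txt").exists()
    return outcomes


if __name__ == "__main__":
    print(demo())
    print(anti_clickjacking_headers())
```

The upload check deliberately validates both the name and the content: extension allowlisting alone is defeated by a mislabelled file, and content sniffing alone still lets a traversal-bearing name reach the filesystem. The path check compares fully resolved paths rather than string prefixes, which is what makes it hold up against symlinks and mixed separators.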

Impact

  • Arbitrary Java code may be executed on the server. - CVE-2018-16169, CVE-2018-16171
  • Arbitrary files on the server may be deleted. - CVE-2018-16170
  • A user may be tricked into deleting registered client certificates. - CVE-2018-16172

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Vendor Status

Vendor         Status       Last Update   Vendor Notes
Cybozu, Inc.   Vulnerable   2018/12/10    Cybozu, Inc. website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Cybozu, Inc. reported the CVE-2018-16169 vulnerability to JPCERT/CC to notify users of the solution through JVN.

Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported the CVE-2018-16170 and CVE-2018-16171 vulnerabilities to Cybozu, Inc., and Cybozu, Inc. reported them to JPCERT/CC to notify users of the solutions through JVN.

Kanta Nishitani reported the CVE-2018-16172 vulnerability to Cybozu, Inc., and Cybozu, Inc. reported it to JPCERT/CC to notify users of its solution through JVN.

Other Information

CVE          CVE-2018-16169, CVE-2018-16170, CVE-2018-16171, CVE-2018-16172
JVN iPedia   JVNDB-2018-000126