CVE-2018-11518

 

  • Severity Score: 8.1 (CVSS v3)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece).

*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2018-05-28 CVE Reserved
  • 2018-05-30 CVE Published
  • 2023-10-21 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Hcltech | Legacy Ivr Firmware | -- | | Affected
in Hcltech | Legacy Ivr | -- | | Safe