CVE-2018-11518
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can record these frequencies and use them for service activations. This is a request-forgery issue when the required series of DTMF signals for a service activation is predictable (e.g., the IVR system does not speak a nonce to the caller). In this case, the IVR system accepts an activation request from a less-secure channel (any loudspeaker in the caller's physical environment) without verifying that the request was intended (it matches a nonce sent over a more-secure channel to the caller's earpiece).
Una vulnerabilidad permite un ataque de phreaking en los sistemas IVR heredados de HCL que no emplean VoIP. Estos sistemas IVR dependen de varias frecuencias de señales de audio; se procesan ciertos comandos y funciones en base a dichas frecuencias. Ya que estas frecuentas se aceptan en una llamada telefónica, un atacante puede grabar estas frecuencias y emplearlas para realizar activaciones de servicios. Este es un problema de Request-Forgery cuando la serie de señales DTMF requerida para activar un servicio es predecible (por ejemplo, el sistema IVR no comunica un nonce al llamante). En este caso, el sistema IVR acepta una petición de activación de un canal menos seguro (cualquier altavoz en el entorno físico del llamante) sin verificar que la petición sea intencional (coincide con un nonce que se ha enviado por medio de un canal más seguro al auricular del llamante).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-05-28 CVE Reserved
- 2018-05-30 CVE Published
- 2023-10-21 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://virgil-cj.blogspot.com/2018/05/0day-legacy-ivr-lets-phreak.html | Third Party Advisory | |
https://datarift.blogspot.com/2018/05/CVE-2018-11518-abusing-ivr-systems.html | Third Party Advisory | |
https://twitter.com/mishradhiraj_/status/1001664204485652482 | Third Party Advisory | |
https://twitter.com/mishradhiraj_/status/1001664440759091207 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Hcltech Search vendor "Hcltech" | Legacy Ivr Firmware Search vendor "Hcltech" for product "Legacy Ivr Firmware" | - | - |
Affected
| in | Hcltech Search vendor "Hcltech" | Legacy Ivr Search vendor "Hcltech" for product "Legacy Ivr" | - | - |
Safe
|