Full Report
A remote attacker can obtain sensitive information that expands the attack surface.
Analysis Summary
# Vulnerability: Zipato Zipabox Sensitive Information Disclosure
## CVE Details
- **CVE ID:** CVE-2018-15125
- **CVSS Score:** 8.6 (High) *Note: While the article text mentions 0.0, the provided CVSS vector (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N) calculates to 8.6.*
- **CWE:** CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)
## Affected Systems
- **Products:** Zipato Zipabox (Smart Home Controller)
- **Versions:** Versions prior to June 2018 hardware/software revisions.
- **Configurations:** Devices connected to the network and accessible remotely.
## Vulnerability Description
The Zipato Zipabox smart home controller suffers from a sensitive information disclosure vulnerability. An unauthenticated remote attacker can access specific endpoints or services that leak technical details about active devices. This information can include device identifiers and specific configuration data that effectively expands the attack surface for further exploitation of the smart home environment.
## Exploitation
- **Status:** Unknown (Exploit existence not publicly confirmed by vendor, but technical details are documented).
- **Complexity:** Low
- **Attack Vector:** Network
## Impact
- **Confidentiality:** High (Attacker can extract sensitive technical information about "alive" devices).
- **Integrity:** None
- **Availability:** None
## Remediation
### Patches
- **Vendor Status:** On June 6, 2018, the vendor notified researchers that some vulnerabilities were fixed. Users should ensure their Zipabox firmware is updated to the latest available version provided by Zipato.
- **Note:** Kaspersky ICS CERT indicated that the vendor stopped responding to follow-up communications regarding the full verification of these fixes.
### Workarounds
- **Network Segmentation:** Place IoT devices like the Zipabox on a separate VLAN or isolated network segment to prevent unauthorized access from the broader internet or compromised local devices.
- **Access Control:** Disable remote access features unless strictly necessary and use a VPN for remote management.
## Detection
- **Indicators of Compromise:** Unusual inbound traffic to the Zipabox management interface from unknown external IP addresses.
- **Detection Methods:** Monitor network logs for unauthorized scanning or information retrieval requests targeting the Zipabox controller.
## References
- **Kaspersky ICS CERT:** hxxps[://]ics-cert[.]kaspersky[.]com/advisories/2018/08/08/klcert-18-217-zipato-zipabox-sensitive-information-disclosure/
- **NVD CVE-2018-15125:** hxxps[://]nvd[.]nist[.]gov/vuln/detail/CVE-2018-15125
- **CVSS Calculator:** hxxps[://]www[.]first[.]org/cvss/calculator/3.1#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N