PT-2018-10725 · Dialogic · Dialogic Powermedia Xms

Publicado

2018-07-03

Atualizado

2018-09-04

CVE-2018-11641

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dialogic PowerMedia XMS versions prior to 3.5

Description The issue concerns the use of hard-coded credentials in the administrative console, specifically in the /var/www/xms/application/controllers/gatherLogs.php file. This allows remote attackers to interact with a web service, potentially leading to unauthorized access.

Recommendations For versions prior to 3.5, consider disabling access to the gatherLogs.php file in the administrative console until a patch is available. Restrict access to the administrative console to minimize the risk of exploitation.

Exploit

Correção

Using Hardcoded Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-798

Identificadores relacionados

CVE-2018-11641

Produtos afetados

Dialogic Powermedia Xms

PT-2018-10725 · Dialogic · Dialogic Powermedia Xms

CVE-2018-11641

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3