PT-2018-11131 · Ecos · Ecos System Management Appliance

Franz Girlich

+2

·

Publicado

2018-06-17

·

Atualizado

2019-10-03

·

CVE-2018-12335

CVSS v3.1

7.3

Alta

VetorAV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions ECOS System Management Appliance (aka SMA) version 5.2.68
Description The issue concerns incorrect access control, allowing a user to compromise authentication keys and manipulate security configurations through unrestricted database access during Easy Enrollment.
Recommendations For version 5.2.68, consider restricting database access during Easy Enrollment to prevent unauthorized manipulation of security configurations and authentication keys. As a temporary workaround, limit access to the database to minimize the risk of exploitation.

Correção

Incorrect Permission

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-732

Identificadores relacionados

CVE-2018-12335

Produtos afetados

Ecos System Management Appliance