CVE-2018-13802

Name of the Vulnerable Software and Affected Versions ROX II versions prior to V2.12.1

Description A vulnerability allows an authenticated attacker with high-privileged user account access via SSH to circumvent restrictions and execute arbitrary operating system commands. The attacker must have network access to the SSH interface on port 22/tcp and be authenticated to exploit the issue. This could enable an attacker to execute arbitrary code on the device.

Recommendations For versions prior to V2.12.1, update to version V2.12.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the SSH interface on port 22/tcp to minimize the risk of exploitation.