PT-2018-17303 · Silex+1 · Silex Sx-500+1

Publicado

2018-05-09

Atualizado

2018-06-13

CVE-2018-6020

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions Silex SX-500 versions all GE MobileLink version 1.54 and prior

Description The issue concerns authentication verification when making certain POST requests. Specifically, authentication is not properly verified, which may allow attackers to modify system settings.

Recommendations For Silex SX-500, update to a version that properly verifies authentication for all requests. For GE MobileLink version 1.54 and prior, update to a version that properly verifies authentication for all requests. As a temporary workaround, consider restricting access to the system settings until a patch is available.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2018-6020

Produtos afetados

Ge Mobilelink

Silex Sx-500

PT-2018-17303 · Silex+1 · Silex Sx-500+1

CVE-2018-6020

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3