PT-2018-18670 · Echelon · Echelon Smartserver 2+2

Publicado

2018-07-24

Atualizado

2019-10-09

CVE-2018-8859

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Echelon SmartServer 1 versions all Echelon SmartServer 2 versions prior to 4.11.007 Echelon i.LON 100 versions all

Description The issue allows an attacker to bypass required authentication by including extra characters in the directory name.

Recommendations For Echelon SmartServer 1, update to a version that includes the fix for this issue, if available. For Echelon SmartServer 2 versions prior to 4.11.007, update to release 4.11.007 or later. For Echelon i.LON 100, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Authentication Bypass Using an Alternate Path or Channel

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-288CWE-287

Identificadores relacionados

CVE-2018-8859

Produtos afetados

Echelon Smartserver 1

Echelon Smartserver 2

Echelon I.Lon 100

PT-2018-18670 · Echelon · Echelon Smartserver 2+2

CVE-2018-8859

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3