PT-2018-9975 · Watchguard · Watchguard Ap300+3

Stephen Shkardoon

Publicado

2018-05-02

Atualizado

2018-06-13

CVE-2018-10578

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: WatchGuard AP100 versions prior to 1.2.9.15 WatchGuard AP102 versions prior to 1.2.9.15 WatchGuard AP200 versions prior to 1.2.9.15 WatchGuard AP300 versions prior to 2.0.0.10

Description: An issue allows an attacker to bypass validation of the old password field in the change password form due to incorrect validation.

Recommendations: For WatchGuard AP100 versions prior to 1.2.9.15, update to version 1.2.9.15 or later. For WatchGuard AP102 versions prior to 1.2.9.15, update to version 1.2.9.15 or later. For WatchGuard AP200 versions prior to 1.2.9.15, update to version 1.2.9.15 or later. For WatchGuard AP300 versions prior to 2.0.0.10, update to version 2.0.0.10 or later.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2018-10578

Produtos afetados

Watchguard Ap100

Watchguard Ap102

Watchguard Ap200

Watchguard Ap300

PT-2018-9975 · Watchguard · Watchguard Ap300+3

CVE-2018-10578

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3