PT-2018-10718 · Dialogic · Dialogic Powermedia Xms

Published

2018-07-03

Updated

2019-10-03

CVE-2018-11634

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dialogic PowerMedia XMS versions prior to 3.5 SU2

Description The issue allows local users to access user passwords in cleartext by reading the /var/www/xms/xmsdb/default.db file. This occurs due to plaintext storage of passwords in the administrative console.

Recommendations For versions prior to 3.5 SU2, update to version 3.5 SU2 or later to resolve the issue. As a temporary workaround, consider restricting access to the /var/www/xms/xmsdb/default.db file to minimize the risk of exploitation.

Exploit

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2018-11634

Affected Products

Dialogic Powermedia Xms

PT-2018-10718 · Dialogic · Dialogic Powermedia Xms

CVE-2018-11634

Weakness Enumeration

Related Identifiers

Affected Products

References · 3