PT-2018-10725 · Dialogic · Dialogic Powermedia Xms

Published

2018-07-03

Updated

2018-09-04

CVE-2018-11641

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dialogic PowerMedia XMS versions prior to 3.5

Description The issue concerns the use of hard-coded credentials in the administrative console, specifically in the /var/www/xms/application/controllers/gatherLogs.php file. This allows remote attackers to interact with a web service, potentially leading to unauthorized access.

Recommendations For versions prior to 3.5, consider disabling access to the gatherLogs.php file in the administrative console until a patch is available. Restrict access to the administrative console to minimize the risk of exploitation.

Exploit

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2018-11641

Affected Products

Dialogic Powermedia Xms

PT-2018-10725 · Dialogic · Dialogic Powermedia Xms

CVE-2018-11641

Weakness Enumeration

Related Identifiers

Affected Products

References · 3