PT-2018-11131 · Ecos · Ecos System Management Appliance

Franz Girlich +2 · Published 2018-06-17 · Updated 2019-10-03 · CVE-2018-12335

CVSS v3.1: 7.3 High

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

ECOS System Management Appliance (aka SMA) version 5.2.68

Description

The issue concerns incorrect access control, allowing a user to compromise authentication keys and manipulate security configurations through unrestricted database access during Easy Enrollment.

Recommendations

For version 5.2.68, consider restricting database access during Easy Enrollment to prevent unauthorized manipulation of security configurations and authentication keys. As a temporary workaround, limit access to the database to minimize the risk of exploitation.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2018-12335

Affected Products

Ecos System Management Appliance