PT-2018-12197 · Rox · Rox Ii

Published

2018-10-10

Updated

2019-10-09

CVE-2018-13802

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ROX II versions prior to V2.12.1

Description A vulnerability allows an authenticated attacker with high-privileged user account access via SSH to circumvent restrictions and execute arbitrary operating system commands. The attacker must have network access to the SSH interface on port 22/tcp and be authenticated to exploit the issue. This could enable an attacker to execute arbitrary code on the device.

Recommendations For versions prior to V2.12.1, update to version V2.12.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the SSH interface on port 22/tcp to minimize the risk of exploitation.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-269

Related Identifiers

CVE-2018-13802

Affected Products

Rox Ii

PT-2018-12197 · Rox · Rox Ii

CVE-2018-13802

Weakness Enumeration

Related Identifiers

Affected Products

References · 5