PT-2018-18670 · Echelon · Echelon Smartserver 2+2

Published

2018-07-24

Updated

2019-10-09

CVE-2018-8859

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Echelon SmartServer 1 versions all Echelon SmartServer 2 versions prior to 4.11.007 Echelon i.LON 100 versions all

Description The issue allows an attacker to bypass required authentication by including extra characters in the directory name.

Recommendations For Echelon SmartServer 1, update to a version that includes the fix for this issue, if available. For Echelon SmartServer 2 versions prior to 4.11.007, update to release 4.11.007 or later. For Echelon i.LON 100, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Authentication Bypass Using an Alternate Path or Channel

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-288CWE-287

Related Identifiers

CVE-2018-8859

Affected Products

Echelon Smartserver 1

Echelon Smartserver 2

Echelon I.Lon 100

PT-2018-18670 · Echelon · Echelon Smartserver 2+2

CVE-2018-8859

Weakness Enumeration

Related Identifiers

Affected Products

References · 3