PT-2018-9475 · Mycroft · Mycroft Ai

Nhoya

Published

2018-07-09

Updated

2019-10-03

CVE-2018-1000621

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Mycroft AI mycroft-core versions 18.2.8b and earlier

Description The issue is related to an Incorrect Access Control vulnerability in the Websocket configuration, which can lead to code execution. This problem can be exploited through remote access to the unsecured websocket server. The vulnerability specifically affects Mycroft for Linux and "non-enclosure" installs, while Mark 1 and Picroft are not impacted.

Recommendations For Mycroft AI mycroft-core versions 18.2.8b and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2018-1000621

Affected Products

Mycroft Ai

PT-2018-9475 · Mycroft · Mycroft Ai

CVE-2018-1000621

Weakness Enumeration

Related Identifiers

Affected Products

References · 4