CVE-2018-15358

Опубликовано: 17 авг. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0.

Ссылки

https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-014-eltex-esp-200-router-build-in-user-with-highest-privileges/
Third Party Advisory
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-014-eltex-esp-200-router-build-in-user-with-highest-privileges/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:eltex:esp-200_firmware:1.2.0:*:*:*:*:*:*:*

cpe:2.3:h:eltex:esp-200:-:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.005

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-4m4w-ppgv-r57x