exploitDog

CVE-2018-15485

Опубликовано: 07 сент. 2018

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03.

Ссылки

http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html
Third Party Advisory
VDB Entry
https://www.kone.com/en/vulnerability.aspx
Vendor Advisory
http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html
Third Party Advisory
VDB Entry
https://www.kone.com/en/vulnerability.aspx
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:kone:group_controller_firmware:*:*:*:*:*:*:*:*

Версия до 4.6.5 (исключая)

cpe:2.3:h:kone:group_controller:-:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01131

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-fxp2-r3h5-gcwf

CVSS3: 9.1

github

больше 3 лет назад

An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03.

EPSS

Процентиль: 78%

0.01131

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-287