CVE-2018-25236
CRITICAL SEVERITYCVSS Score & Metrics
Base Score
9.8 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Description
Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests. Attackers can exploit improper authentication handling to obtain the authentication status and privileges of a previously authenticated user without providing valid credentials.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-287
Source
NVD
Vendor
Belden
Product
Hirschmann HiOS, Hirschmann HiSecOS EAGLE
Discussion (0)
Add Comment
No comments yet. Be the first!