Back to CVE List

CVE-2018-25236

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score
9.8 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Description

Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests. Attackers can exploit improper authentication handling to obtain the authentication status and privileges of a previously authenticated user without providing valid credentials.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-287
Source
NVD
Vendor
Belden
Product
Hirschmann HiOS, Hirschmann HiSecOS EAGLE

External References

Discussion (0)

Add Comment

No comments yet. Be the first!