Lucene search

AttackerKBAKB:C4DD3F24-796A-4A1A-8E1E-DE5E4F6D3E48

HistoryAug 15, 2018 - 12:00 a.m.

CVE-2018-15153

2018-08-1500:00:00

attackerkb.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.867 High

EPSS

Percentile

98.2%

JSON

OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the “hylafax_server” global variable in interface/super/edit_globals.php.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15153

github.com/openemr/openemr/pull/1757

insecurity.sh/reports/openemr.pdf

www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity

www.exploit-db.com/exploits/45161

www.open-emr.org/wiki/index.php/OpenEMR_Patches

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.867 High

EPSS

Percentile

98.2%

JSON

Related for AKB:C4DD3F24-796A-4A1A-8E1E-DE5E4F6D3E48