Lucene search

MitreCVE-2018-11635

HistoryJul 03, 2018 - 5:29 p.m.

CVE-2018-11635

2018-07-0317:29:00

CWE-798

mitre

web.nvd.nist.gov

cve-2018-11635

dialogic powermedia xms

cryptography

authentication bypass

session data

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.01

Percentile

83.7%

JSON

Use of a Hard-coded Cryptographic Key used to protect cookie session data in /var/www/xms/application/config/config.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to bypass authentication.

Affected configurations

Nvd

Node

dialogicpowermedia_xmsRange≤3.5

VendorProductVersionCPE
dialogicpowermedia_xms*cpe:2.3:a:dialogic:powermedia_xms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dialogic	powermedia_xms	*	cpe:2.3:a:dialogic:powermedia_xms::::::::

References

d3adend.org/blog/?p=1398

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.01

Percentile

83.7%

JSON

Related for CVE-2018-11635