CVE-2018-25236

Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Management

CVSS 9.3 CRITICALEPSS 0.5%CWE-287

Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests. Attackers can exploit improper authentication handling to obtain the authentication status and privileges of a previously authenticated user without providing valid credentials.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

Belden · Hirschmann HiOS Belden · Hirschmann HiSecOS EAGLE

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://assets.belden.com/m/52ecadbb5f1b0e04/original/Security-Bulletin-Web-Server-Authentication-Bypass-HiOS-HiSecOS-Hirschmann-BSECV-2018-05.pdf https://www.vulncheck.com/advisories/hirschmann-hios-hisecos-authentication-bypass-via-http-management