CVE-2018-10286

Published: Apr 22, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated.

Affected (1)

Products: Ericssonlg: Ipecs Nms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ericssonlg Ipecs Nms	Version a.1ac

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (4)

https://gist.github.com/berkgoksel/fde102503c457c0344e2e53b7971437a

Source: cve@mitre.org

Third Party Advisory

https://www.exploit-db.com/exploits/44515/

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://gist.github.com/berkgoksel/fde102503c457c0344e2e53b7971437a

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.exploit-db.com/exploits/44515/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.