CVE-2018-17892

Published: Oct 12, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

NUUO CMS all versions 3.1 and prior, The application implements a method of user account control that causes standard account security features to not be utilized as intended, which could allow user account compromise and may allow for remote code execution.

Affected (1)

Products: Nuuo: Nuuo Cms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nuuo Nuuo Cms	Up to 3.1

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

http://www.securityfocus.com/bid/105717

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02

Source: ics-cert@hq.dhs.gov

PatchThird Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/105717

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryUS Government Resource

Timeline

No history available yet.