8.1
CVE-2018-12333
- EPSS 0.43%
- Veröffentlicht 17.06.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:45:00
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginInsufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ecos ≫ Secure Boot Stick Firmware Version5.6.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.34 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-345 Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html