8.8
CVE-2018-15358
- EPSS 0.55%
- Veröffentlicht 17.08.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:50:37
- Quelle vulnerability@kaspersky.com
- CVE-Watchlists
- Unerledigt
LoginAn authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Eltex ≫ Esp-200 Firmware Version1.2.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.55% | 0.676 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.