CVE-2018-15885

Exploit

EPSS 0.39%
Veröffentlicht 26.08.2018 21:29:00
Zuletzt bearbeitet 21.11.2024 03:51:38
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities or purpose. This makes it easier for adversaries to detect the covert operation. Specifically, the product uses a compression technique to prevent the identification of certain libraries in the software by obfuscation. The software relies on a TLS callback and an additional executable file to enable these libraries and their access to certain websites. The unpacked software can be exploited by several different types of documented techniques.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ovation ≫ Findme Version1.4-1083-1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.573

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/GitHubAssessments/CVE_Assessment_02_2018/blob/master/FindMe_Report.pdf

Third Party Advisory

Exploit

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2018-15885

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-15885

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-15885

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-15885