CVE-2018-19878

EPSS 0.39%
Veröffentlicht 19.06.2019 16:15:10
Zuletzt bearbeitet 21.11.2024 03:58:44
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered on Teltonika RTU950 R_31.04.89 devices. The application allows a user to login without limitation. For every successful login request, the application saves a session. A user can re-login without logging out, causing the application to store the session in memory. Exploitation of this vulnerability will increase memory use and consume free space.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Teltonika ≫ Rut950 Firmware Versionr_31.04.89

Teltonika ≫ Rut950 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.594

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	6.8	8	6.9	AV:N/AC:L/Au:S/C:N/I:N/A:C

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://www.triadsec.com/

Not Applicable

https://www.triadsec.com/CVE-2018-19878.pdf

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2018-19878

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-19878

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-19878

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-19878