9.8
CVE-2018-25236
- EPSS 0.04%
- Published 03.04.2026 22:44:43
- Last modified 07.04.2026 13:20:55
- Source disclosure@vulncheck.com
Hirschmann HiOS HiSecOS Authentication Bypass via HTTP Management
Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests. Attackers can exploit improper authentication handling to obtain the authentication status and privileges of a previously authenticated user without providing valid credentials.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
- Vendor: Belden
- Product: Hirschmann HiOS
- Default status: unaffected

| Version | Version <= | Status |
|---|---|---|
| 0 | 05.07 | affected |
| 0 | 06.1.04 | affected |
| 0 | 06.2.00 | affected |
| 06.1.05 | | unaffected |
| 07.0.00 | | unaffected |
| 03.1.00 | | unaffected |

- Vendor: Belden
- Product: Hirschmann HiSecOS EAGLE
- Default status: unaffected

| Version | Version <= | Status |
|---|---|---|
| 0 | 03.00.02 | affected |
| 03.0.03 | | unaffected |

VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.11 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| disclosure@vulncheck.com | 9.3 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |

CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.