CVE-2018-17892 - NUUO CMS all versions 3.1 and prior, The application implements a method of user account control tha

CVE-2018-17892

Summary

NUUO CMS all versions 3.1 and prior, The application implements a method of user account control that causes standard account security features to not be utilized as intended, which could allow user account compromise and may allow for remote code execution.

References

http://www.securityfocus.com/bid/105717
https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02

Vulnerable Configurations

cpe:2.3:a:nuuo:nuuo_cms:3.1:*:*:*:*:*:*:*
cpe:2.3:a:nuuo:nuuo_cms:3.1:*:*:*:*:*:*:*

CVSS

Base:	6.5 (as of 09-10-2019 - 23:37)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:P/A:P

refmap via4

bid	105717
misc	https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02

Last major update

09-10-2019 - 23:37

Published

12-10-2018 - 14:29

Last modified

09-10-2019 - 23:37