SB2018021904 - Multiple vulnerabilities in NAT32




Published: February 19, 2018

Security Bulletin ID: SB2018021904
Severity: High
Patch available: No
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 50%, Low: 50%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Cross-site request forgery (CVE-ID: CVE-2018-6941)

The vulnerability allows a remote unauthorized attacker to perform a CSRF attack.

The weakness exists due to improper validation of user-supplied input by the HTTPD component. A remote attacker can create a specially crafted HTTP request, trick the victim into visiting it, and perform cross-site scripting attacks, web cache poisoning, and other malicious activities.

2) Command injection (CVE-ID: CVE-2018-6940)

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The weakness exists due to an error within the Password Checking feature. An attacker can disable Password Checking and inject and execute arbitrary commands.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.