Main Vulnerability Database Vulnerabilities #VU15328

Use of obsolete function in NUUO CMS - CVE-2018-17890

Published: October 12, 2018

Vulnerability identifier: #VU15328

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-17890

CWE-ID: CWE-477

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
NUUO CMS

Software vendor:
NUUO Inc.

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to use of insecure and outdate software components for functionality. A remote unauthenticated attacker can execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Update to version 3.3 or later.

External links

https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02

Use of obsolete function in NUUO CMS - CVE-2018-17890

Description

Remediation

External links

Please verify you're human