Main Vulnerability Database Vulnerabilities #VU16608

Authentication bypass in CMS-770 - CVE-2018-17928

Published: December 18, 2018 / Updated: December 19, 2018

Vulnerability identifier: #VU16608

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-17928

CWE-ID: CWE-287

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: ABB

Affected software:
CMS-770

Detailed vulnerability description

The vulnerability allows an adjacent attacker to bypass authentication on the target system.

The vulnerability exists due to improper authentication. An adjacent attacker can bypass the user authentication mechanism and read sensitive configuration files that the attacker can use to take over the entire device.

How to mitigate CVE-2018-17928

Install update from vendor's website.

Sources

http://search-ext.abb.com/library/Download.aspx?DocumentID=ABBVU-EPBP-R-5673&LanguageCode=en&DocumentPartId=2CKA008100A0351%3B%202CCA688307R0001&Action=Launch

Authentication bypass in CMS-770 - CVE-2018-17928

Detailed vulnerability description

How to mitigate CVE-2018-17928

Sources

Please verify you're human