Main Vulnerability Database Vulnerabilities #VU22302

#VU22302 Permissions, Privileges, and Access Controls in ClonOS - CVE-2019-18418

Published: October 25, 2019

Vulnerability identifier: #VU22302

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2019-18418

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
ClonOS

Software vendor:
ClonOS

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to missing session management in the "clonos.php" file. A remote attacker can change password requests and gain full access to the target system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://github.com/Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerability

#VU22302 Permissions, Privileges, and Access Controls in ClonOS - CVE-2019-18418

Description

Remediation

External links

Please verify you're human