Vulnerability identifier: #VU15318

Vulnerability risk: Low

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2018-17917

CWE-ID: CWE-341

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
XMeye P2P Cloud Server
Server applications / Web servers

Vendor: Hangzhou Xiongmai Technology Co., Ltd

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to unspecified flaw. A remote attacker can use MAC addresses, enumerate potential Cloud IDs and use it to discover and connect to valid devices using one of the supported apps.

Mitigation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

Vulnerable software versions

XMeye P2P Cloud Server: All versions

---

External links
http://ics-cert.us-cert.gov/advisories/ICSA-18-282-06

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.