#VU15320 Privilege escalation in XMeye P2P Cloud Server - CVE-2018-17915
Published: October 11, 2018
Vulnerability identifier: #VU15320
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-17915
CWE-ID: CWE-311
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
XMeye P2P Cloud Server
XMeye P2P Cloud Server
Software vendor:
Hangzhou Xiongmai Technology Co., Ltd
Hangzhou Xiongmai Technology Co., Ltd
Description
The vulnerability allows a remote attacker to gain elevated privileges.
The vulnerability exists due to missing encryption of sensitive data. A remote attacker can eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code.
Remediation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.