Vulnerability identifier: #VU80878
Vulnerability risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-367
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
RUGGEDCOM APE1808 ADM
Hardware solutions /
Firmware
RUGGEDCOM APE1808 ADM CC
Hardware solutions /
Firmware
RUGGEDCOM APE1808 CKP
Hardware solutions /
Firmware
RUGGEDCOM APE1808 CKP CC
Hardware solutions /
Firmware
RUGGEDCOM APE1808 CLOUDCONNECT
Hardware solutions /
Firmware
RUGGEDCOM APE1808 CLOUDCONNECT CC
Hardware solutions /
Firmware
RUGGEDCOM APE1808 ELAN
Hardware solutions /
Firmware
RUGGEDCOM APE1808 ELAN CC
Hardware solutions /
Firmware
RUGGEDCOM APE1808 SAM-L
Hardware solutions /
Firmware
RUGGEDCOM APE1808 SAM-L CC
Hardware solutions /
Firmware
RUGGEDCOM APE1808CLA-P
Hardware solutions /
Firmware
RUGGEDCOM APE1808CLA-P CC
Hardware solutions /
Firmware
RUGGEDCOM APE1808CLA-S1
Hardware solutions /
Firmware
RUGGEDCOM APE1808CLA-S1 CC
Hardware solutions /
Firmware
RUGGEDCOM APE1808CLA-S3
Hardware solutions /
Firmware
RUGGEDCOM APE1808CLA-S3 CC
Hardware solutions /
Firmware
RUGGEDCOM APE1808CLA-S5
Hardware solutions /
Firmware
RUGGEDCOM APE1808CLA-S5 CC
Hardware solutions /
Firmware
RUGGEDCOM APE1808LNX
Hardware solutions /
Firmware
RUGGEDCOM APE1808LNX CC
Hardware solutions /
Firmware
RUGGEDCOM APE1808W10
Hardware solutions /
Firmware
RUGGEDCOM APE1808W10 CC
Hardware solutions /
Firmware
Vendor:
Description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to a time-of-check, time-of-use (TOCTOU) race condition. A local attacker can alter data and code used by the remainder of the boot process.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
External links
http://cert-portal.siemens.com/productcert/txt/ssa-957369.txt
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.