CVE-2018-25236
🟠 Łataj w tym tygodniu
Obejście uwierzytelnienia w produktach Hirschmann HiOS i HiSecOS umożliwia zdalny dostęp administracyjny.
CVSS
9.8
EPSS
0.0%
Exploit
none
Vendor
Opis źródłowy (NVD)
Hirschmann HiOS and HiSecOS products RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by crafting specially formed HTTP requests. Attackers can exploit improper authentication handling to obtain the authentication status and privileges of a previously authenticated user without providing valid credentials.
auth-bypass
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.0% |
| Opublikowano (NVD) | 2026-04-03 23:17:00 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-07 13:20:55 UTC |
Referencje
- https://assets.belden.com/m/52ecadbb5f1b0e04/original/Security-Bulletin-Web-Server-Authentication-Bypass-HiOS-HiSecOS-Hirschmann-BSECV-2018-05.pdf (disclosure@vulncheck.com)
- https://www.vulncheck.com/advisories/hirschmann-hios-hisecos-authentication-bypass-via-http-management (disclosure@vulncheck.com)