Vulnerability Details : CVE-2019-18418
Potential exploit
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management.
Products affected by CVE-2019-18418
- cpe:2.3:o:clonos:clonos:19.09:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-18418
- 10.56%: Probability of exploitation activity in the next 30 days
- ~ 93 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-18418
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2019-18418
- Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-18418
- https://github.com/Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerability
  GitHub - Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerability: CVE-2019-XXXXX. Exploit; Third Party Advisory
- http://packetstormsecurity.com/files/154986/ClonOs-WEB-UI-19.09-Improper-Access-Control.html
  ClonOs WEB UI 19.09 Improper Access Control ≈ Packet Storm