CVE-2018-17892 Vulnerability Details

  /     /     /  

CVE-2018-17892 Metadata Quick Info

CVE Published: 12/10/2018 | CVE Updated: 16/09/2024 | CVE Year: 2018
Source: icscert | Vendor: NUUO | Product: NUUO CMS
Status : PUBLISHED

---

CVE-2018-17892 Description

NUUO CMS all versions 3.1 and prior, The application implements a method of user account control that causes standard account security features to not be utilized as intended, which could allow user account compromise and may allow for remote code execution.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-732
CWE Name: INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732
Source: NUUO

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).