CVE-2018-25236: Authentication Bypass in Hirschmann HiOS/HiSecOS

Platform

linux

Component

hirschmann-hios

CVE-2018-25236 is an authentication bypass vulnerability in Hirschmann HiOS and HiSecOS products, affecting RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, and EAGLE devices. The flaw allows unauthenticated remote attackers to gain administrative access by manipulating HTTP requests, circumventing the intended authentication process. The vulnerability impacts versions 0–07.0.00, and as of the publication date, a fix is not yet available.

How to fix

No official patch available. Check for workarounds or monitor for updates.

Frequently asked questions

What is CVE-2018-25236?

CVE-2018-25236 is a critical authentication bypass vulnerability in Hirschmann HiOS and HiSecOS. It allows attackers to gain administrative access without valid credentials by crafting specific HTTP requests.

Am I affected by CVE-2018-25236?

You are potentially affected if you are using Hirschmann HiOS or HiSecOS products (RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE) running versions 0–07.0.00.

How can I fix or mitigate CVE-2018-25236?

Currently, no official patch is available for this vulnerability. Consider isolating affected devices and implementing network segmentation as temporary mitigation measures.
