CVE-2018-25236: Authentication Bypass in Hirschmann HiOS/HiSecOS
Platform: linux
Component: hirschmann-hios
CVE-2018-25236 is an authentication bypass in the web server of Hirschmann HiOS and HiSecOS, affecting the RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED and EAGLE product lines. An unauthenticated remote attacker who can reach the device's web interface can bypass its authentication and obtain administrative access, which on a managed industrial switch or firewall amounts to complete compromise of the device's configuration. This page lists the affected version range as 0 to 07.0.00 and carries no fixed-version entry of its own; the Belden security bulletin referenced under "How to fix" is the authoritative source for affected and corrected releases.
How to fix
Upgrade to a fixed version of Hirschmann HiOS or HiSecOS. Consult the Belden security bulletin BSECV-2018-05 (https://assets.belden.com/m/52ecadbb5f1b0e04/original/Security-Bulletin-Web-Server-Authentication-Bypass-HiOS-HiSecOS-Hirschmann-BSECV-2018-05.pdf) for details on the affected and fixed versions.
Frequently asked questions
What is CVE-2018-25236?
CVE-2018-25236 is a critical authentication bypass vulnerability in Hirschmann HiOS and HiSecOS. It allows an attacker to gain administrative access to an affected device without valid credentials by sending specially crafted HTTP requests to the device's web server. The page does not describe the request details, so no further characterization of the bypass is given here.
Am I affected by CVE-2018-25236?
You are potentially affected if you run Hirschmann HiOS or HiSecOS on any of the listed product lines (RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, EAGLE) with firmware in the version range listed here (0 to 07.0.00). Check the firmware version actually running on each device against the affected and fixed versions in the Belden bulletin rather than relying on the range alone, and treat any device whose web interface is reachable from outside its management network as exposed until it is upgraded.
How can I fix or mitigate CVE-2018-25236?
This page lists no fixed version of its own; the Belden security bulletin linked under "How to fix" is where to confirm affected and corrected releases and obtain the upgrade. Until a device is upgraded, reduce exposure with network segmentation and by restricting access to the management interface, for example a firewall allowlist so that only the management network can reach the devices' HTTP and HTTPS ports, and monitor for web access to the devices from any other source. Consult Hirschmann (Belden) for updates.
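The monitoring step above, as an added example that is not part of this page or of any Hirschmann/Belden tooling: a small detector that reads firewall flow logs and flags TCP connections to the switches' web ports (80/443) that originate outside the permitted management network. It does not model the bypass itself, since the page gives no request details; it only surfaces the exposure the mitigation is meant to remove. The key=value log format, the device addresses (10.0.200.10, 10.0.200.11) and the permitted management subnet (10.0.100.0/24) are assumptions constructed for the example.

```python
"""Flag web-management access to HiOS/HiSecOS device IPs from outside the
permitted management network. Added example for this advisory; not vendor
code. Log format, addresses and networks are constructed for illustration."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumed: the only subnet permitted to reach the devices' web interface.
ALLOWED_MGMT_NETS = [ipaddress.ip_network("10.0.100.0/24")]
# Assumed: management addresses of the affected-family devices at this site.
DEVICE_MGMT_IPS = {ipaddress.ip_address(a) for a in ("10.0.200.10", "10.0.200.11")}
WEB_PORTS = {80, 443}

# Constructed key=value flow-log format (not a real vendor format).
LOG_RE = re.compile(
    r"src=(?P<src>[0-9.]+) dst=(?P<dst>[0-9.]+) proto=(?P<proto>\w+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\w+)"
)


@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    dport: int
    action: str


@dataclass(frozen=True)
class Finding:
    src: str
    dst: str
    dport: int
    severity: str  # "high" if the firewall let the flow through, "medium" if it was blocked
    reason: str


def parse_line(line: str) -> Optional[Flow]:
    """Return a Flow for a well-formed line, None for junk or invalid addresses."""
    m = LOG_RE.search(line)
    if not m:
        return None
    try:
        return Flow(
            src=ipaddress.ip_address(m["src"]),
            dst=ipaddress.ip_address(m["dst"]),
            proto=m["proto"].lower(),
            dport=int(m["dport"]),
            action=m["action"].lower(),
        )
    except ValueError:  # e.g. "999.1.1.1" matches the regex but is not an address
        return None


def is_allowed_source(ip: ipaddress.IPv4Address) -> bool:
    return any(ip in net for net in ALLOWED_MGMT_NETS)


def find_unexpected_web_access(lines: Iterable[str]) -> List[Finding]:
    """Report TCP flows to a device web port whose source is not a management host.

    A flow the firewall allowed is high severity: the vulnerable web server was
    actually reachable. A blocked flow is still reported (medium) because it
    shows someone probing the management plane."""
    findings: List[Finding] = []
    for line in lines:
        flow = parse_line(line)
        if flow is None or flow.proto != "tcp":
            continue
        if flow.dst not in DEVICE_MGMT_IPS or flow.dport not in WEB_PORTS:
            continue
        if is_allowed_source(flow.src):
            continue
        if flow.action == "allow":
            findings.append(Finding(str(flow.src), str(flow.dst), flow.dport, "high",
                                    "device web interface reached from outside the management network"))
        else:
            findings.append(Finding(str(flow.src), str(flow.dst), flow.dport, "medium",
                                    "blocked attempt to reach the device web interface from outside the management network"))
    return findings


# Constructed sample log lines for a stand-alone run.
SAMPLE_LOGS = [
    "2024-01-10T08:00:01Z fw1 src=10.0.100.5 dst=10.0.200.10 proto=tcp dport=443 action=allow",   # admin host, fine
    "2024-01-10T08:00:07Z fw1 src=192.168.50.23 dst=10.0.200.10 proto=tcp dport=80 action=allow",  # plant-floor host reached the web UI
    "2024-01-10T08:00:09Z fw1 src=172.16.4.9 dst=10.0.200.11 proto=tcp dport=443 action=deny",     # blocked probe
    "2024-01-10T08:00:12Z fw1 src=172.16.4.9 dst=10.0.200.11 proto=udp dport=161 action=allow",    # SNMP, not in scope here
    "2024-01-10T08:00:15Z fw1 src=192.168.50.23 dst=10.0.9.9 proto=tcp dport=443 action=allow",    # not a device address
    "garbage line with no fields",
    "2024-01-10T08:00:20Z fw1 src=999.1.1.1 dst=10.0.200.10 proto=tcp dport=80 action=allow",      # malformed, skipped
]

if __name__ == "__main__":
    for f in find_unexpected_web_access(SAMPLE_LOGS):
        print(f"[{f.severity}] {f.src} -> {f.dst}:{f.dport}  {f.reason}")
```

Point the script at your real firewall export by replacing `LOG_RE` with a pattern for that format and filling `DEVICE_MGMT_IPS` from your asset inventory; a high-severity finding means the vulnerable web server was reachable from a host that should never see it and the segmentation needs fixing, not just the firmware.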