Circontrol CirCarLife ICSA-18-305-03 Multiple Security Vulnerabilities
BID:105816
CVE-2018-17918 | CVE-2018-17922 |Info
Circontrol CirCarLife ICSA-18-305-03 Multiple Security Vulnerabilities
| Bugtraq ID: | 105816 |
| Class: | Unknown |
| CVE: |
CVE-2018-17918 CVE-2018-17922 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 01 2018 12:00AM |
| Updated: | Nov 01 2018 12:00AM |
| Credit: | Ankit Anubhav of NewSky Security, M. Can Kurnaz Senior Consultant at KPMG Netherlands, Alim Solmaz Security Consultant at Atos, Michael John Chief Information Security Officer at WePower Network, and Gyorgy Miru Security Researcher at Verint. |
| Vulnerable: |
Circontrol CirCarLife 0 |
| Not Vulnerable: |
Circontrol CirCarLife 4.3.1 |
Discussion
Circontrol CirCarLife ICSA-18-305-03 Multiple Security Vulnerabilities
Circontrol CirCarLife is prone to the following multiple security vulnerabilities:
1. An authentication-bypass vulnerability
2. An information-disclosure vulnerability
An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions, or to obtain sensitive information.
Versions prior to CirCarLife 4.3.1 are vulnerable.
Circontrol CirCarLife is prone to the following multiple security vulnerabilities:
1. An authentication-bypass vulnerability
2. An information-disclosure vulnerability
An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions, or to obtain sensitive information.
Versions prior to CirCarLife 4.3.1 are vulnerable.
Solution / Fix
Circontrol CirCarLife ICSA-18-305-03 Multiple Security Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.