CVE Vulnerability

CVE-2018-12596

Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins).

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://medium.com/@alt3kx/ektron-content-management-system-cms-9-20-sp2-remote-re-enabling-users-cve-2018-12596-bdf1e3a05158 Exploit Patch
https://github.com/alt3kx/CVE-2018-12596 Exploit Patch
http://seclists.org/fulldisclosure/2018/Oct/15 Exploit Mitigation
https://www.exploit-db.com/exploits/45577/ Exploit Mitigation
Configurations

Configuration 1

cpe:2.3:a:episerver:ektron_cms:9.00:sp2:*:*:*:*:*:*
cpe:2.3:a:episerver:ektron_cms:9.00:sp1:*:*:*:*:*:*
cpe:2.3:a:episerver:ektron_cms:9.10:sp2:*:*:*:*:*:*
cpe:2.3:a:episerver:ektron_cms:9.10:sp1:*:*:*:*:*:*
cpe:2.3:a:episerver:ektron_cms:9.20:sp1:*:*:*:*:*:*
cpe:2.3:a:episerver:ektron_cms:9.00:-:*:*:*:*:*:*
cpe:2.3:a:episerver:ektron_cms:9.10:-:*:*:*:*:*:*
cpe:2.3:a:episerver:ektron_cms:9.20:-:*:*:*:*:*:*
Information

Published : 2018-10-10 09:29

Updated : 2019-10-03 12:03

NVD link : CVE-2018-12596

Mitre link : CVE-2018-12596

Products Affected
No products.
CWE
CWE-269