CVE-2018-15658 — HIGH (7.5)

Q: How severe is CVE-2018-15658?

CVE-2018-15658 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-15658?

Check the references section above for vendor advisories and patch information. Affected products include: 42Gears Suremdm.

Vulnerability Description

An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authenticated user. This is caused by the session validation occurring after the initial markup is loaded. This results in a list of unprotected API endpoints that disclose call logs, SMS logs, and user-account data.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
42Gears	Suremdm	< 2018-11-27

Related Weaknesses (CWE)

CWE-200

References

https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-fouExploitThird Party Advisory
https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-fouExploitThird Party Advisory

FAQ

What is CVE-2018-15658?

CVE-2018-15658 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in 42Gears SureMDM before 2018-11-27. By visiting the page found at /console/ConsolePage/Master.html, an attacker is able to see the markup that would be presented to an authen...

How severe is CVE-2018-15658?

CVE-2018-15658 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-15658?

Check the references section above for vendor advisories and patch information. Affected products include: 42Gears Suremdm.