Vulnerability Description
NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nuuo | Nuuo Cms | <= 3.3 |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02MitigationThird Party AdvisoryUS Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-17936?
CVE-2018-17936 is a vulnerability with a CVSS score of 9.8 (CRITICAL). NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution.
How severe is CVE-2018-17936?
CVE-2018-17936 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-17936?
Check the references section above for vendor advisories and patch information. Affected products include: Nuuo Nuuo Cms.