Vulnerability Description
Hirschmann HiSecOS device versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled. A remote attacker can crash the device or execute arbitrary code by submitting a password longer than 128 characters: the password handling lacks proper bounds checking, so an over-long password overflows a fixed-size buffer, leading to denial of service or remote code execution.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://assets.belden.com/m/2d5657b3e5d721c6/original/Security-Bulletin-RADIUS-A
- https://www.vulncheck.com/advisories/hirschmann-hisecos-buffer-overflow-via-http
FAQ
What is CVE-2018-25237?
CVE-2018-25237 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash th...
How severe is CVE-2018-25237?
CVE-2018-25237 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-25237?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.