CVE-2018-7602 — CRITICAL (9.8)

Q: How severe is CVE-2018-7602?

CVE-2018-7602 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2018-7602?

Check the references section above for vendor advisories and patch information. Affected products include: Drupal Drupal, Debian Debian Linux.

Vulnerability Description

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Drupal	Drupal	>= 7.0, < 7.59
Debian	Debian Linux	7.0

Related Weaknesses (CWE)

CWE-94

References

http://www.securityfocus.com/bid/103985Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1040754Broken LinkThird Party AdvisoryVDB Entry
https://lists.debian.org/debian-lts-announce/2018/04/msg00030.htmlMailing ListThird Party Advisory
https://www.debian.org/security/2018/dsa-4180Third Party Advisory
https://www.drupal.org/sa-core-2018-004PatchVendor Advisory
https://www.exploit-db.com/exploits/44542/ExploitThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/44557/ExploitThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/103985Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1040754Broken LinkThird Party AdvisoryVDB Entry
https://lists.debian.org/debian-lts-announce/2018/04/msg00030.htmlMailing ListThird Party Advisory
https://www.debian.org/security/2018/dsa-4180Third Party Advisory
https://www.drupal.org/sa-core-2018-004PatchVendor Advisory
https://www.exploit-db.com/exploits/44542/ExploitThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/44557/ExploitThird Party AdvisoryVDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-US Government Resource

FAQ

What is CVE-2018-7602?

CVE-2018-7602 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result...

How severe is CVE-2018-7602?

CVE-2018-7602 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-7602?

Check the references section above for vendor advisories and patch information. Affected products include: Drupal Drupal, Debian Debian Linux.