CVE-2018-8862 — LOW (3.1) — White Hats Nepal

Vulnerability Description

In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms.

CVSS Score

3.1

LOW

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Atisystem	Hpss16 Firmware	-
Atisystem	Hpss16	-
Atisystem	Hpss32 Firmware	-
Atisystem	Hpss32	-
Atisystem	Mhpss Firmware	-
Atisystem	Mhpss	-
Atisystem	Alert4000 Firmware	-
Atisystem	Alert4000	-

Related Weaknesses (CWE)

CWE-287

References

http://www.securityfocus.com/bid/103721Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01MitigationThird Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/103721Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-100-01MitigationThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2018-8862?

CVE-2018-8862 is a vulnerability with a CVSS score of 3.1 (LOW). In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions ma...

How severe is CVE-2018-8862?

CVE-2018-8862 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-8862?

Check the references section above for vendor advisories and patch information. Affected products include: Atisystem Hpss16 Firmware, Atisystem Hpss16, Atisystem Hpss32 Firmware, Atisystem Hpss32, Atisystem Mhpss Firmware.