Access Control Vulnerability in Emerson Liebert IntelliSlot Web Card Devices
CVE-2018-12922

7.5HIGH

Key Information:

Vendor: Vertiv
Status: Liebert Intellislot Firmware
Vendor: CVE Published:; 28 June 2018

What is CVE-2018-12922?

The Emerson Liebert IntelliSlot Web Card devices are susceptible to an access control vulnerability that allows remote attackers to modify user access settings through specific URI endpoints, namely config/configUser.htm or config/configTelnet.htm. This weakness can result in unauthorized configuration changes, potentially compromising the security of the device.

References

https://www.seebug.org/vuldb/ssvid-97372

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2018
Vulnerability Reserved
Jun 27, 2018

JSON

Vertiv

What is CVE-2018-12922?

References

CVSS V3.1

Timeline