CVE Vulnerabilities

CVE-2018-13861

Published: Jul 17, 2018 | Modified: Oct 03, 2019

CVSS 3.x

9.8

CRITICAL

Source:

NVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.x

10 HIGH

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-13861
CWE	https://cwe.mitre.org/data/definitions/.html

Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the /xml/system/control.xml URL, using the GET request ?action=reboot for example.

Affected Software

Name	Vendor	Start Version	End Version
Webtouch_setup_v9_firmware	Trivum	2.53 (including)	2.53 (including)

References

https://vulncode.com/advisory/CVE-2018-13861

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.