Vulnerabilities > CVE-2018-12338 - Unspecified vulnerability in Ecos System Management Appliance 5.2.68

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

ecos

critical

NVD

Published: 2018-06-17

Updated: 2019-10-03

Summary

Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote root SSH access.

Vulnerable Configurations

Part	Description	Count
Application	Ecos Ecos System Management Appliance 5.2.68	1

References

https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html