CVE-2018-12596 Information

Description

Episerver Ektron CMS before 9.0 SP3 Site CU 31 9.1 before SP3 Site CU 45 or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the \activateuser.aspx\ page even if a page is located under the /WorkArea/ path which is forbidden (normally available exclusively for local admins).

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://seclists.org/fulldisclosure/2018/Oct/15 https://github.com/alt3kx/CVE-2018-12596 https://medium.com/@alt3kx/ektron-content-management-system-cms-9-20-sp2-remote-re-enabling-users-cve-2018-12596-bdf1e3a05158 https://www.exploit-db.com/exploits/45577/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8