CVE-2018-15484 Information
Feb 14, 2021
cve
Description
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat aka KONE-01.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html https://www.kone.com/en/vulnerability.aspx
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: