CVE-2018-10285

The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Common Weakness Enumeration
References
https://gist.github.com/berkgoksel/b8e15cb5742540c6987e9d837d6fa8b1
https://www.exploit-db.com/exploits/44515/
https://gist.github.com/berkgoksel/b8e15cb5742540c6987e9d837d6fa8b1
https://www.exploit-db.com/exploits/44515/