You are here

NUUO CMS (Update A) (ICSA-18-284-02)

NUUO CMS (Update A) (ICSA-18-284-02)

Created: Tuesday, November 20, 2018 - 15:17
Categories:
Cybersecurity

November 20, 2018

The NCCIC has updated this advisory with additional information on the technical details of the vulnerability. NCCIC/ICS-CERT.

October 11, 2018

The NCCIC has released an advisory on use of insufficiently random values, use of obsolete function, incorrect permission assignment for critical resource, and use of hard-coded credentials vulnerabilities in NUUO CMS. Versions 3.1 and prior are affected. Successful exploitation of theses vulnerabilities could result in arbitrary remote code execution. NUUO has developed a fix for the reported vulnerabilities and recommends users update to firmware v3.3 or the latest available. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.