CVE-2018-12331

HIGH

ECOS System Management Appliance <5.2.68 - Auth Bypass

Title source: llm
STIX 2.1

Description

Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during "Easy Enrollment."

References (1)

Core 1
Core References
Mitigation, Third Party Advisory x_refsource_misc
https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html

Scores

CVSS v3 7.4
EPSS 0.0095
EPSS Percentile 56.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-290
Status published
Products (1)
ecos/system_management_appliance 5.2.68
Published Jun 17, 2018
Tracked Since Feb 18, 2026