CVE-2018-17888

CRITICAL

NUUO CMS < 3.1 - Remote Code Execution via Session ID Prediction

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-17888. PoCs published by Pedro Ribeiro <[email protected]>, including Metasploit module auxiliary/gather/nuuo_cms_bruteforce.

AI-analyzed exploit summary: This Metasploit module exploits a session token bruteforce vulnerability in Nuuo Central Management Server (CMS) below version 2.4, where heap addresses are leaked instead of session numbers, reducing the keyspace for bruteforcing. It uses precomputed weighted arrays to efficiently guess valid session tokens.

Description

NUUO CMS, all versions 3.1 and prior: the application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.

Exploits (1)

Metasploit · Working PoC
by Pedro Ribeiro <[email protected]> · Ruby PoC
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/nuuo_cms_bruteforce.rb

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Nuuo Central Management Server < 2.4
Authentication: No auth needed
Prerequisites: A user must be logged into the system · Network access to the Nuuo CMS server
Analysis: devstral-2 · analyzed Feb 16, 2026

References (2)

Core References (2)
- Third Party Advisory, VDB Entry (x_refsource_bid): http://www.securityfocus.com/bid/105717
- Patch, Third Party Advisory, US Government Resource (x_refsource_misc): https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02

Scores

CVSS v3: 9.8
EPSS: 0.2964
EPSS Percentile: 98.0%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-330
Status: published
Products (1): nuuo/nuuo_cms < 3.1
Published: Oct 12, 2018
Tracked Since: Feb 18, 2026