Ektron.CMS.SP2.ASPX.activateuser.Improper.Privilege.Management

Description

This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in Episerver Ektron CMS.
A remote unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the vulnerable server. An attacker can exploit this to add a new user with administrator privileges to the affected system.

Affected Products

Episerver Ektron CMS 9.0
Episerver Ektron CMS 9.0 SP1
Episerver Ektron CMS 9.0 SP2
Episerver Ektron CMS 9.10
Episerver Ektron CMS 9.10 SP1
Episerver Ektron CMS 9.10 SP2
Episerver Ektron CMS 9.20
Episerver Ektron CMS 9.20 SP1

Impact

Security Bypass: Remote attackers can bypass security features of vulnerable systems without authentication.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date        Version  Detail
2019-11-19  14.726   Default_action:pass:drop
2019-11-08  14.720