Show filters

Showing topic results for "CVE-2018-17888":

(1-1 of 1)

Sort by:
Attacker Value

Nuuo Central Management Server Session Bruteforce

Disclosure Date: October 12, 2018 (last updated October 13, 2020)
Nuuo Central Management Server v3.1 and prior use an 8 digit session cookie that could be bruteforced. The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.