Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-8867

In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.

Published

2018-05-18T20:29:00.323

Last Modified

2024-11-21T04:14:29.243

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE
Exploitability Score

10.0

Impact Score

6.9

Weaknesses
  • Type: Secondary
    CWE-20
  • Type: Primary
    CWE-20
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System ge pacsystems_rx3i_cpe305_firmware ≤ 9.20 Yes
Hardware ge pacsystems_rx3i_cpe305 - No
Operating System ge pacsystems_rx3i_cpe310_firmware ≤ 9.20 Yes
Hardware ge pacsystems_rx3i_cpe310 - No
Operating System ge rx3i_cpe330_firmware ≤ 9.21 Yes
Hardware ge rx3i_cpe330 - No
Operating System ge rx3i_cpe_400_firmware ≤ 9.30 Yes
Hardware ge rx3i_cpe_400 - No
Operating System ge pacsystems_rsti-ep_cpe_100_firmware - Yes
Hardware ge pacsystems_rsti-ep_cpe_100 - No
Operating System ge pacsystems_cpu320_firmware - Yes
Hardware ge pacsystems_cpu320 - No
Operating System ge pacsystems_cru320_firmware - Yes
Hardware ge pacsystems_cru320 - No
Operating System ge pacsystems_rxi_firmware - Yes
Hardware ge pacsystems_rxi - No
References