Cerner Connectivity Engine 4 Firmware vulnerabilities
2 known vulnerabilities affecting cerner/connectivity_engine_4_firmware.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2018-20053P2CRITICALCVSS 9.8fixed in 2018122019-04-25
CVE-2018-20053 [CRITICAL] CVE-2018-20053: An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The hostname, timezone, and N
An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The hostname, timezone, and NTP server configurations on the CCE device are vulnerable to command injection by sending a crafted configuration file over the network.
nvd
CVE-2018-20052P3HIGHCVSS 7.8fixed in 2018122019-04-25
CVE-2018-20052 [HIGH] CWE-1188 CVE-2018-20052: An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE
An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the "sudo ln -s /tmp/script /etc/cron.hourly/script" command.
nvd