Suggested description
The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication.
Vulnerability Type
Incorrect access control
Vendor of Product
Ericsson-LG
Affected Product Code Base
iPECS NMS - A.1Ac
Attack Type
Remote
Reference
https://www.youtube.com/watch?v=ah3MLcAURlc
https://www.ipecs.com/site/lgericsson/menu/158.do?scene=detail&productNo=45
Discoverer
Berk Cem Goksel
CVE-2018-10285