Описание
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors.
Ссылки
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до embedded_ngx_7.0.39_ga (включая)
cpe:2.3:h:sofaware:safe_at_office_500_utm:*:*:*:*:*:*:*:*
EPSS
Процентиль: 56%
0.00339
Низкий
8.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors.
EPSS
Процентиль: 56%
0.00339
Низкий
8.5 High
CVSS2
Дефекты
NVD-CWE-Other