Описание
M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 3.3.2 (включая)
cpe:2.3:a:mmonit:m\/monit:*:*:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.04879
Низкий
7.5 High
CVSS2
Дефекты
CWE-255
Связанные уязвимости
github
больше 3 лет назад
M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409.
EPSS
Процентиль: 89%
0.04879
Низкий
7.5 High
CVSS2
Дефекты
CWE-255