CVE-2014-9576

Опубликовано: 08 янв. 2015

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote attackers to obtain access.

Ссылки

http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html
Exploit
http://seclists.org/fulldisclosure/2014/Dec/76
Exploit
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt
Exploit
http://packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html
Exploit
http://seclists.org/fulldisclosure/2014/Dec/76
Exploit
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vdgsecurity:vdg_sense:2.3.13:*:*:*:*:*:*:*

EPSS

Процентиль: 58%

0.00371

Низкий

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-pcjh-w2q4-g7v8

github

больше 3 лет назад