CVE-2015-0932

Опубликовано: 05 апр. 2015

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873.

Ссылки

http://blog.cylance.com/spear-team-cve-2015-0932
Exploit
http://www.antlabs.com/index.php?option=com_content&view=article&id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932&catid=54:advisories&Itemid=133
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/930956
Third Party Advisory
US Government Resource
http://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/
http://blog.cylance.com/spear-team-cve-2015-0932
Exploit
http://www.antlabs.com/index.php?option=com_content&view=article&id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932&catid=54:advisories&Itemid=133
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/930956
Third Party Advisory
US Government Resource
http://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:h:antlabs:inngate_ig_3.00_e:*:*:*:*:*:*:*:*

cpe:2.3:h:antlabs:inngate_ig_3.01_e:*:*:*:*:*:*:*:*

cpe:2.3:h:antlabs:inngate_ig_3.02_e:*:*:*:*:*:*:*:*

cpe:2.3:h:antlabs:inngate_ig_3.10_e:*:*:*:*:*:*:*:*

cpe:2.3:h:antlabs:inngate_ig_3.10_g:*:*:*:*:*:*:*:*

cpe:2.3:h:antlabs:inngate_ig_3100:*:*:*:*:*:*:*:*

cpe:2.3:h:antlabs:inngate_ig_3101:*:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02081

Низкий

10 Critical

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-h4pf-q6rm-x45m

github

больше 3 лет назад