Описание
An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal.
Ссылки
- Third Party AdvisoryVDB Entry
- PatchThird Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- PatchThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.00 (включая)
Одновременно
cpe:2.3:o:belden_hirschmann:gecko_lite_managed_switch_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:belden_hirschmann:gecko_lite_managed_switch:-:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01381
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 5.9
github
больше 3 лет назад
An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal.
EPSS
Процентиль: 80%
0.01381
Низкий
5.9 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-22