CVE-2017-6911

Опубликовано: 23 мар. 2017

Источник: nvd

CVSS3: 6.6

CVSS2: 2.1

EPSS Низкий

Описание

USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such as username and password in simple usb.xml. An attacker with physical access to the system can modify the file according his own requirements that may aid in further attack.

Ссылки

http://packetstormsecurity.com/files/141651/USB-Pratirodh-Insecure-Password-Storage.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2017/Mar/43
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/540289/100/0/threaded
http://www.securityfocus.com/bid/96970
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/141651/USB-Pratirodh-Insecure-Password-Storage.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2017/Mar/43
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/540289/100/0/threaded
http://www.securityfocus.com/bid/96970
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:usb_pratirodh_project:usb_pratirodh:-:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00089

Низкий

6.6 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-922

Связанные уязвимости

GHSA-gh2g-9gcc-7cpv