CVE-2018-10201

Опубликовано: 20 апр. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Высокий

Описание

An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667.

Ссылки

http://www.kwell.net/kwell_blog/?p=5199
Exploit
Third Party Advisory
https://support.ncomputing.com/portal/kb/articles/ncomputing-health-monitor-server-vulnerability-patch
https://www.exploit-db.com/exploits/44497/
Exploit
Third Party Advisory
VDB Entry
https://www.kwell.net/kwell/index.php?option=com_newsfeeds&view=newsfeed&id=15&Itemid=173&lang=es
Third Party Advisory
http://www.kwell.net/kwell_blog/?p=5199
Exploit
Third Party Advisory
https://support.ncomputing.com/portal/kb/articles/ncomputing-health-monitor-server-vulnerability-patch
https://www.exploit-db.com/exploits/44497/
Exploit
Third Party Advisory
VDB Entry
https://www.kwell.net/kwell/index.php?option=com_newsfeeds&view=newsfeed&id=15&Itemid=173&lang=es
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ncomputing:vspace_pro:10:*:*:*:*:*:*:*

cpe:2.3:a:ncomputing:vspace_pro:11:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.81415

Высокий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-76rx-46wh-9xmg