CVE-2018-19233

Опубликовано: 20 дек. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 2.1

EPSS Низкий

Описание

COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file.

Ссылки

http://packetstormsecurity.com/files/150427/Miss-Marple-Enterprise-Edition-File-Upload-Hardcoded-AES-Key.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Nov/55
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2018/Nov/37
Mailing List
Third Party Advisory
https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-miss-marple-enterprise-edition/
Third Party Advisory
http://packetstormsecurity.com/files/150427/Miss-Marple-Enterprise-Edition-File-Upload-Hardcoded-AES-Key.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2018/Nov/55
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2018/Nov/37
Mailing List
Third Party Advisory
https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-miss-marple-enterprise-edition/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:comparex:miss_marple:*:*:*:*:enterprise:*:*:*

Версия до 2.0 (исключая)

EPSS

Процентиль: 24%

0.00078

Низкий

7.8 High

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-3vv5-prrw-675q