exploitDog

CVE-2019-13023

Опубликовано: 14 мая 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.

Ссылки

https://labs.nettitude.com/blog/cve-2019-13021-22-23-jetselect-network-segregation-application/
Third Party Advisory
https://labs.nettitude.com/blog/cve-2019-13021-22-23-jetselect-network-segregation-application/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jetstream:jetselect:*:*:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.0027

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-c6pv-qcpj-v34m

github

больше 3 лет назад

An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.

EPSS

Процентиль: 50%

0.0027

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200