exploitDog

CVE-2021-3165

Опубликовано: 26 янв. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI.

Ссылки

https://orionhridoy.me
Third Party Advisory
https://packetstormsecurity.com/files/160906/SmartAgent-3.1.0-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
https://www.smtagent.com/support
Vendor Advisory
https://orionhridoy.me
Third Party Advisory
https://packetstormsecurity.com/files/160906/SmartAgent-3.1.0-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
https://www.smtagent.com/support
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:missionlabs:smartagent:3.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00239

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-732

Связанные уязвимости

GHSA-gvxf-84jp-9m3q

github

больше 3 лет назад

SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI.

EPSS

Процентиль: 47%

0.00239

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-732