exploitDog

CVE-2021-33209

Опубликовано: 03 нояб. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login attempt discloses whether the username or password is wrong, helping an attacker to enumerate usernames. This can make a brute-force attack easier.

Ссылки

https://fimeronline.sharepoint.com/:b:/s/GLB-publicsp/EeKCnV76jG5Pn9Ud30fTlesBlk-SZS3uFU80Gt8IEWiE4Q?e=Tdmabs
Vendor Advisory
https://twitter.com/FIMERspa
Third Party Advisory
https://fimeronline.sharepoint.com/:b:/s/GLB-publicsp/EeKCnV76jG5Pn9Ud30fTlesBlk-SZS3uFU80Gt8IEWiE4Q?e=Tdmabs
Vendor Advisory
https://twitter.com/FIMERspa
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fimer:aurora_vision:*:*:*:*:*:*:*:*

Версия до 2.97.10 (исключая)

EPSS

Процентиль: 42%

0.00203

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-307

Связанные уязвимости

GHSA-v4gh-43mq-749q

github

больше 3 лет назад

An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login attempt discloses whether the username or password is wrong, helping an attacker to enumerate usernames. This can make a brute-force attack easier.

EPSS

Процентиль: 42%

0.00203

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-307