Description
Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured (is not protected with TLS).
References
- Vendor Advisory
- Release Notes, Vendor Advisory
- Vendor Advisory
- Release Notes, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 2.5.3.65 (excluding)
cpe:2.3:a:barco:mirrorop_windows_sender:*:*:*:*:*:*:*:*
EPSS
Percentile: 32%
0.00127
Low
CVSS3: 8.8 High
CVSS2: 7.2 High
Weaknesses
CWE-319
Related vulnerabilities
CVSS3: 8.8
GitHub
more than 3 years ago
Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries to update Windows Sender due to the fact that the upgrade mechanism is not secured (is not protected with TLS).