Описание
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system.
Ссылки
- MitigationThird Party AdvisoryUS Government Resource
- Vendor Advisory
- MitigationThird Party AdvisoryUS Government Resource
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.9.1 (исключая)Версия до 6.9.215 (исключая)
Одно из
cpe:2.3:a:ptc:axeda_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:ptc:axeda_desktop_server:*:*:*:*:*:windows:*:*
EPSS
Процентиль: 83%
0.01905
Низкий
9.8 Critical
CVSS3
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-798
CWE-798
Связанные уязвимости
CVSS3: 8.8
github
почти 4 года назад
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system.
EPSS
Процентиль: 83%
0.01905
Низкий
9.8 Critical
CVSS3
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-798
CWE-798