Описание
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution.
Ссылки
- MitigationThird Party AdvisoryUS Government Resource
- Vendor Advisory
- MitigationThird Party AdvisoryUS Government Resource
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.9.1 (исключая)Версия до 6.9.215 (исключая)
Одно из
cpe:2.3:a:ptc:axeda_agent:*:*:*:*:*:*:*:*
cpe:2.3:a:ptc:axeda_desktop_server:*:*:*:*:*:windows:*:*
EPSS
Процентиль: 84%
0.02258
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-306
CWE-306
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution.
EPSS
Процентиль: 84%
0.02258
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-306
CWE-306