Описание
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to the administrator group.
Ссылки
- PatchThird Party AdvisoryUS Government Resource
- PatchThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 00.00.02a (исключая)
cpe:2.3:a:deltaww:infrasuite_device_master:*:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.00206
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS3
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to the administrator group.
EPSS
Процентиль: 43%
0.00206
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS3
Дефекты
CWE-306