Описание
A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:*
EPSS
Процентиль: 19%
0.00061
Низкий
7.2 High
CVSS3
Дефекты
CWE-354
Связанные уязвимости
CVSS3: 7.2
github
около 2 лет назад
A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages.
EPSS
Процентиль: 19%
0.00061
Низкий
7.2 High
CVSS3
Дефекты
CWE-354