CVE-2021-40858

Sažetak

Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring.

Reference

https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses
http://packetstormsecurity.com/files/165166/Auerswald-COMpact-8.0B-Arbitrary-File-Disclosure.html
https://www.redteam-pentesting.de/advisories/rt-sa-2021-006

CVSS

Base:	6.8
Impact:	6.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:N/A:N

Zadnje važnije ažuriranje

04-01-2022 - 16:08

Objavljeno

13-12-2021 - 04:15