PT-2017-13195 · Lava · Lava Ether-Serial Link

Maxim Rupp

Publicado

2017-10-11

Atualizado

2019-10-09

CVE-2017-14003

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LAVA Ether-Serial Link (ESL) versions 6.01.00/29.03.2007 and prior

Description An Authentication Bypass by Spoofing issue was discovered, which is caused by an improper authentication vulnerability. This vulnerability allows an attacker with the same IP address to bypass authentication by accessing a specific uniform resource locator.

Recommendations For LAVA Ether-Serial Link (ESL) versions 6.01.00/29.03.2007 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Authentication Bypass by Spoofing

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287CWE-290

Identificadores relacionados

CVE-2017-14003

Produtos afetados

Lava Ether-Serial Link

PT-2017-13195 · Lava · Lava Ether-Serial Link

CVE-2017-14003

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4