PT-2017-16890 · Genexis B.V. · Gaps
Antoine Neuenschwander
·
Publicado
2017-12-20
·
Atualizado
2018-01-11
·
CVE-2017-6094
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Genexis B.V. GAPS versions up to 7.2
Description
The issue allows for the forgery of valid
chk values for any given MAC address, enabling the reception of configuration settings of other subscribers' CPEs. These settings often contain sensitive information, such as credentials (username/password) for VoIP services.Recommendations
For Genexis B.V. GAPS versions up to 7.2, update to a version later than 7.2 to resolve the issue.
Exploit
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Gaps