PT-2018-13752 · Solarwinds · Solarwinds Sftp/Scp Server

Alex Craggs

Publicado

2018-12-05

Atualizado

2020-12-18

CVE-2018-16792

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions SolarWinds SFTP/SCP server through 2018-09-10

Description The issue allows an attacker to exploit a world-readable and writable configuration file, leading to XXE (XML External Entity) vulnerability. This vulnerability enables an attacker to exfiltrate data.

Recommendations For SolarWinds SFTP/SCP server through 2018-09-10, consider restricting access to the configuration file to prevent it from being world-readable and writable until a fix is available. As a temporary workaround, limit the permissions on the configuration file to minimize the risk of exploitation.

Correção

XXE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-611

Identificadores relacionados

CVE-2018-16792

Produtos afetados

Solarwinds Sftp/Scp Server

PT-2018-13752 · Solarwinds · Solarwinds Sftp/Scp Server

CVE-2018-16792

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4