PT-2019-13725 · Sphinx Technologies+1 · Sphinx+1

Publicado

2019-06-02

Atualizado

2022-04-01

CVE-2019-14511

CVSS v2.0

9.4

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions Sphinx Technologies Sphinx version 3.1.1

Description The issue is related to the default configuration of Sphinx, which lacks authentication and listens on 0.0.0.0, making it exposed to the internet unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only.

Recommendations For version 3.1.1, reconfigure Sphinx to listen on 127.0.0.1 only or ensure it is filtered by a firewall to minimize exposure. Consider implementing authentication to secure the service.

Exploit

Correção

Missing Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-306CWE-21

Identificadores relacionados

BDU:2022-00467

CVE-2019-14511

DLA-2882-1

DSA-5036-1

MGASA-2020-0087

OPENSUSE-SU-2022_0046-1

OPENSUSE-SU-2022_0054-1

Produtos afetados

Sphinx

Suse

PT-2019-13725 · Sphinx Technologies+1 · Sphinx+1

CVE-2019-14511

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 30