PT-2017-16890 · Genexis B.V. · Gaps

Antoine Neuenschwander · Published 2017-12-20 · Updated 2018-01-11 · CVE-2017-6094

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Genexis B.V. GAPS versions up to 7.2

Description

The issue allows valid chk values to be forged for any given MAC address, which makes it possible to receive the configuration settings of other subscribers' CPEs. These settings often contain sensitive information, such as credentials (username/password) for VoIP services.

Recommendations

For Genexis B.V. GAPS versions up to 7.2, update to a version later than 7.2 to resolve the issue.

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2017-6094

Affected Products

Gaps