PT-2020-19872 · Opservices+1 · Opmon+1

Published: 2020-02-06 · Updated: 2020-02-11 · CVE-2020-7953

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OpServices OpMon version 9.3.2

Description

An issue was discovered that allows reading server files without authentication, due to the use of the nmap -iL option. This could potentially expose sensitive information, such as the contents of the /etc/passwd file.

Recommendations

For OpServices OpMon version 9.3.2, consider restricting access to sensitive server files and disabling the use of the nmap -iL option until a patch is available. As a temporary workaround, limit the ability to read server files to authorized personnel only. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-7953

Affected Products

Opmon
Nmap