PT-2020-9558 · Adrem · Adrem Netcrunch

Fabio Poloni +2 · Published 2020-12-16 · Updated 2021-07-21 · CVE-2019-14480

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: AdRem NetCrunch version 10.6.0.4587
Description: The issue is related to improper session handling in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges.
Recommendations: For AdRem NetCrunch version 10.6.0.4587, consider disabling the NetCrunch web client until a patch is available to prevent potential authentication bypass or escalation of privileges.

Exploit

Fix

Information Disclosure

Missing Encryption of Sensitive Data

Incorrect Permission

Insufficiently Protected Credentials

Related Identifiers: CVE-2019-14480
Affected Products: Adrem Netcrunch