PT-2020-9561 · Adrem · Adrem Netcrunch

Fabio Poloni

Published

2020-12-16

Updated

2021-07-21

CVE-2019-14483

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: AdRem NetCrunch version 10.6.0.4587

Description: The issue allows credentials disclosure, enabling every user to read private keys, private keys' passwords, and root passwords for BSD, Linux, MacOS, and Solaris stored in the credential manager. Additionally, every administrator can access ESX and Windows passwords stored in the credential manager.

Recommendations: For AdRem NetCrunch version 10.6.0.4587, consider restricting access to the credential manager to minimize the risk of exploitation. As a temporary workaround, limit the privileges of users and administrators to prevent unauthorized access to sensitive credentials. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-14483

Affected Products

Adrem Netcrunch

PT-2020-9561 · Adrem · Adrem Netcrunch

CVE-2019-14483

Related Identifiers

Affected Products

References · 6