PT-2021-2245 · Mb Connect Line · Mbconnect24

Published: 2021-03-02 · Updated: 2021-03-09 · CVE-2020-12529

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

MB connect line mymbCONNECT24 and mbCONNECT24 versions through V2.6.2

Description

The issue is related to insufficient checking of incoming requests in the LDAP access check, allowing an attacker to perform a Server-Side Request Forgery (SSRF) attack. This enables the attacker to scan for open ports.

Recommendations

For versions through V2.6.2, consider restricting access to the LDAP access check functionality until a patch is available. As a temporary workaround, disabling the LDAP access check may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SSRF

Weakness Enumeration

Related Identifiers

BDU:2021-01216
CVE-2020-12529

Affected Products

Mbconnect24