PT-2021-9160 · Unknown · Replicated Classic

Published

2021-07-28

Updated

2021-08-06

CVE-2020-10590

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Replicated Classic versions 2.x

Description The issue concerns an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console.

Recommendations For Replicated Classic versions 2.x, ensure the Admin Console port (8800) is properly secured to prevent unauthorized access, and consider restricting network access to the Admin Console to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-10590

Affected Products

Replicated Classic

PT-2021-9160 · Unknown · Replicated Classic

CVE-2020-10590

Related Identifiers

Affected Products

References · 5