PT-2022-3548 · Aethon · Aethon Tug Home Base Server

Asher Brass +1 · Published 2022-04-12 · Updated 2022-10-21 · CVE-2022-1066

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Aethon TUG Home Base Server versions prior to version 24

Description

The issue stems from weaknesses in the server's authorization procedure. A remote attacker can exploit them, potentially allowing the attacker to add and remove arbitrary users. An unauthenticated attacker can freely access hashed user credentials.

Recommendations

For versions prior to version 24, update to version 24 or later to resolve the issue. As a temporary workaround, consider restricting access to the server to minimize the risk of exploitation. Avoid using the server for sensitive operations until the issue is resolved.

Fix

Weakness Enumeration

Improper Access Control

Missing Authorization

Related Identifiers

BDU:2022-04332
CVE-2022-1066

Affected Products

Aethon Tug Home Base Server