PT-2025-15255 · Philips · Intellispace Portal
Published: 2025-04-07 · Updated: 2025-04-09 · CVE-2025-3424
CVSS v4.0: 7.7 (High)
Vector: AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:P/AU:Y/R:U/V:C/RE:M/U:Green
Name of the Vulnerable Software and Affected Versions
IntelliSpace Portal versions 12 and prior
Description
The vulnerability is exploitable through port 755 using the "Object Marshalling" technique, which allows an attacker to read internal files without authentication. The attacker does this by crafting specific .NET Remoting URLs derived from information enumerated in the client-side configuration files.
Recommendations
For IntelliSpace Portal versions 12 and prior, consider restricting access to port 755 as a temporary workaround until a patch is available. Additionally, review and secure client-side configuration files to prevent information enumeration.
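One way to check that the port 755 restriction recommended above is holding, as an added example that is not part of the original advisory: the script scans firewall log lines for accepted connections to port 755 from sources outside an allowlist. The log layout (first eight fields in Windows Firewall log order), the TCP transport, the allowed subnet and all sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

PORT = 755  # port named in the advisory

# Assumption: legitimate client workstations live in this subnet (constructed value).
ALLOWED_CLIENTS = [ipaddress.ip_network("10.20.5.0/24")]

# Constructed sample lines; the first eight fields are assumed to be
# date time action protocol src-ip dst-ip src-port dst-port
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2025-04-08 10:15:02 ALLOW TCP 10.20.5.14 10.20.1.10 50123 755
2025-04-08 10:15:09 ALLOW TCP 10.20.9.77 10.20.1.10 50877 755
2025-04-08 10:15:11 ALLOW TCP 10.20.9.77 10.20.1.10 50878 755
2025-04-08 10:16:40 DROP TCP 192.168.40.3 10.20.1.10 41000 755
2025-04-08 10:17:01 ALLOW TCP 10.20.9.77 10.20.1.10 50901 443
truncated line
"""


def unexpected_sources(log_text, allowed=ALLOWED_CLIENTS, port=PORT):
    """Count accepted TCP connections to `port` from sources outside `allowed`."""
    hits = Counter()
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # blank line or header
        fields = line.split()
        if len(fields) < 8:
            continue  # malformed or truncated record
        action, proto, src, dport = fields[2], fields[3], fields[4], fields[7]
        if action != "ALLOW" or proto != "TCP" or dport != str(port):
            continue  # dropped traffic and other ports are not findings
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # source field is not an IP address
        if not any(addr in net for net in allowed):
            hits[src] += 1
    return dict(hits)


if __name__ == "__main__":
    for src, count in unexpected_sources(SAMPLE_LOG).items():
        print(f"{src}: {count} accepted connection(s) to port {PORT} outside the allowlist")
```

Any source this reports was still able to reach the port, which means the access restriction is not yet effective for that network path.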
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Intellispace Portal