10

CVE-2015-0932

Exploit

EPSS 1.04%
Published 05.04.2015 01:59:01
Last modified 12.04.2025 10:46:40
Source cret@cert.org
Teams watchlist Login
Open Login

The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873.

Affected products Warnungen 0 Metrics 2 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Antlabs ≫ Inngate Ig 3.00 E

Antlabs ≫ Inngate Ig 3.01 E

Antlabs ≫ Inngate Ig 3.02 E

Antlabs ≫ Inngate Ig 3.10 E

Antlabs ≫ Inngate Ig 3.10 G

Antlabs ≫ Inngate Ig 3100

Antlabs ≫ Inngate Ig 3101

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.04%	0.765

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://blog.cylance.com/spear-team-cve-2015-0932

Exploit

http://www.antlabs.com/index.php?option=com_content&view=article&id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932&catid=54:advisories&Itemid=133

Patch

Vendor Advisory

http://www.kb.cert.org/vuls/id/930956

Third Party Advisory

US Government Resource

http://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/

https://nvd.nist.gov/vuln/detail/CVE-2015-0932

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-0932

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-0932

EUVD