10

CVE-2015-0932

Exploit

EPSS 1.04%
Veröffentlicht 05.04.2015 01:59:01
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cret@cert.org
Teams Watchlist Login
Unerledigt Login

The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Antlabs ≫ Inngate Ig 3.00 E

Antlabs ≫ Inngate Ig 3.01 E

Antlabs ≫ Inngate Ig 3.02 E

Antlabs ≫ Inngate Ig 3.10 E

Antlabs ≫ Inngate Ig 3.10 G

Antlabs ≫ Inngate Ig 3100

Antlabs ≫ Inngate Ig 3101

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.04%	0.765

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://blog.cylance.com/spear-team-cve-2015-0932

Exploit

http://www.antlabs.com/index.php?option=com_content&view=article&id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932&catid=54:advisories&Itemid=133

Patch

Vendor Advisory

http://www.kb.cert.org/vuls/id/930956

Third Party Advisory

US Government Resource

http://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/

https://nvd.nist.gov/vuln/detail/CVE-2015-0932

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-0932

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-0932

EUVD