10

CVE-2017-15366

EPSS 0.28%
Veröffentlicht 26.10.2017 20:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devices (if no firewall is present) or the NDoc server itself. Once the password is known to an attacker, local access is not required.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ndocsoftware ≫ Ndoc Version <= 7.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.514

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://gist.github.com/emptythevoid/84248daccce8737f1cdd5b395cf6f32c

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-15366

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-15366

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-15366

EUVD