CVE-2018-14705

EPSS 1.85%
Veröffentlicht 24.02.2020 19:15:12
Zuletzt bearbeitet 21.11.2024 03:49:37
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Lack of Authentication/Authorization on Administrative Web Pages

In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and control these applications. This not only poses a severe risk to the availability of these applications, but also poses severe risks to the confidentiality and integrity of data stored within the applications and the device itself.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Drobo ≫ 5n2 Firmware Version4.0.5

Drobo ≫ 5n2 Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.85%	0.764

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc

Third Party Advisory

https://www.ise.io/casestudies/sohopelessly-broken-2-0/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-14705

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-14705

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-14705

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-14705