8.8
CVE-2019-11688
- EPSS 1.1%
- Veröffentlicht 18.03.2020 15:15:11
- Zuletzt bearbeitet 21.11.2024 04:21:35
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Asustor ≫ Exfat Driver Version1.0.0 Updater14
Asustor ≫ Exfat Driver Version1.0.0 Updater15
Asustor ≫ Exfat Driver Version1.0.0 Updater20
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.1% | 0.612 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.4 | 2.2 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 8.8 | 8.6 | 9.2 |
AV:N/AC:M/Au:N/C:C/I:C/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
https://github.com/mikedamm/CVEs/blob/master/CVE-2019-11688.md
https://www.asustor.com/app_central/app_detail?id=776