6.9
CVE-2025-1868
- EPSS 0.24%
- Veröffentlicht 03.03.2025 11:15:15
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle cve-coordination@incibe.es
- CVE-Watchlists
- Unerledigt
Information display on multiple products from Famatech Corp
Vulnerability of unauthorized exposure of confidential information affecting Advanced IP Scanner and Advanced Port Scanner. It occurs when these applications initiate a network scan, inadvertently sending the NTLM hash of the user performing the scan. This vulnerability can be exploited by intercepting network traffic to a legitimate server or by setting up a fake server, in both local and remote scenarios. This exposure is relevant for both HTTP/HTTPS and SMB protocols.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerFamatech Corp
≫
Produkt
Advanced IP Scanner
Default Statusunaffected
Version
2.5.4594.1 and earlier
Status
unaffected
HerstellerFamatech Corp
≫
Produkt
Advanced Port Scanner
Default Statusunaffected
Version
2.5.3869 and earlier
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.145 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve-coordination@incibe.es | 6.9 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.8 | 2.5 | 4.2 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://www.incibe.es/en/incibe-cert/notices/aviso/information-display-multiple-products-famatech-corp