Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.807075
Kategorie:Web application abuses
Titel:GE SNMP/Web Interface Multiple Vulnerabilities
Zusammenfassung:This host is installed with SNMP/Web Interface; adapter and is prone to multiple vulnerabilities.
Beschreibung:Summary:
This host is installed with SNMP/Web Interface
adapter and is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- Device does not perform strict input validation.

- File contains sensitive account information stored in cleartext.

Vulnerability Impact:
Successful exploitation will allow remote
authenticated users to execute arbitrary command on the system and to obtain
sensitive cleartext account information impacting the confidentiality,
integrity, and availability of the system.

Affected Software/OS:
General Electric (GE) Industrial Solutions
UPS SNMP/Web Adapter devices with firmware version before 4.8

Solution:
Upgrade to GE SNMP/Web Interface adapter
version 4.8 or later.

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Querverweis: BugTraq ID: 82407
Common Vulnerability Exposure (CVE) ID: CVE-2016-0861
https://www.exploit-db.com/exploits/39408/
http://seclists.org/fulldisclosure/2016/Feb/21
http://packetstormsecurity.com/files/135586/GE-Industrial-Solutions-UPS-SNMP-Adapter-Command-Injection.html
https://ics-cert.us-cert.gov/advisories/ICSA-16-033-02
Common Vulnerability Exposure (CVE) ID: CVE-2016-0862
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.