Lucene search

K
cve[email protected]CVE-2016-2311
HistoryMay 30, 2016 - 1:59 a.m.

CVE-2016-2311

2016-05-3001:59:06
CWE-255
CWE-200
web.nvd.nist.gov
21
black box
alertwerks
servsensor
firmware
sp473
remote users
discover
passwords

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.9%

Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ServSensor Junior with firmware before SP473, AlertWerks ServSensor Junior with PoE with firmware before SP473, and AlertWerks ServSensor Contact with firmware before SP473 allow remote authenticated users to discover administrator and user passwords via unspecified vectors.

Affected configurations

NVD
Node
blackboxalertwerks_servsensor_junior_eme102a-r2Match-
OR
blackboxalertwerks_servsensor_junior_eme103a-r2Match-
OR
blackboxalertwerks_servsensor_junior_eme104a-r2Match-
AND
blackboxalertwerks_servsensor_junior_firmwareMatch-
Node
blackboxalertwerks_servsensor_contact_eme111a-20-r2Match-
OR
blackboxalertwerks_servsensor_contact_eme111a-60-r2Match-
OR
blackboxalertwerks_servsensor_contact_eme112a-20-r2Match-
OR
blackboxalertwerks_servsensor_contact_eme112a-60-r2Match-
OR
blackboxalertwerks_servsensor_contact_eme113a-20-r2Match-
OR
blackboxalertwerks_servsensor_contact_eme113a-60-r2Match-
AND
blackboxalertwerks_servsensor_contact_firmwareMatch-
Node
blackbox_alertwerks_servsensor_eme106aMatch-
OR
blackbox_alertwerks_servsensor_eme108a-r2Match-
OR
blackbox_alertwerks_servsensor_eme109a-r2Match-
OR
blackbox_alertwerks_servsensor_eme110a-r2Match-
OR
blackboxalertwerks_servsensor_eme105aMatch-
AND
blackboxalertwerks_servsensor_firmwareMatch-
Node
blackboxalertwerks_servsensor_junior_eme152aMatch-poe
OR
blackboxalertwerks_servsensor_junior_eme153aMatch-poe
OR
blackboxalertwerks_servsensor_junior_eme154aMatch-poe
OR
blackboxalertwerks_servsensor_junior_eme155aMatch-poe
OR
blackboxalertwerks_servsensor_junior_eme158aMatch-poe
AND
blackboxalertwerks_servsensor_junior_firmwareMatch-poe

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.9%

Related for CVE-2016-2311