Lucene search

MitreCVE-2017-14972

HistoryOct 09, 2017 - 5:29 a.m.

CVE-2017-14972

2017-10-0905:29:00

CWE-287

mitre

web.nvd.nist.gov

infocus

mondopad

cve-2017-14972

authentication bypass

vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.6

Confidence

High

EPSS

0.002

Percentile

55.7%

JSON

InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file.

Affected configurations

Nvd

Node

infocusmondopadMatch2.2.08

VendorProductVersionCPE
infocusmondopad2.2.08cpe:2.3:a:infocus:mondopad:2.2.08:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
infocus	mondopad	2.2.08	cpe:2.3:a:infocus:mondopad:2.2.08:::::::*

References

raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/InFocus%20Mondopad%20%3C%202.2.08%20-%20CVE-2017-14972

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.6

Confidence

High

EPSS

0.002

Percentile

55.7%

JSON

Related for CVE-2017-14972