CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
59.8%
Check Point SofaWare Safe@Office, with firmware before Embedded NGX 7.0.45 GA, does not require entry of the old password when changing the admin password, which might allow attackers to gain privileges by conducting a CSRF attack, making a password change on an unattended workstation, or other vectors.
Vendor | Product | Version | CPE |
---|---|---|---|
sofaware | safe_at_office_500_utm | * | cpe:2.3:h:sofaware:safe_at_office_500_utm:*:*:*:*:*:*:*:* |