4 matches found
CVE-2020-24548
Ericom Access Server 9.2.0 for AccessNow and Ericom Blaze allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform the attacker about closed ports...
CVE-2020-24548
The CVE-2020-24548 entry concerns Ericom Access Server 9.2.0 (AccessNow and Ericom Blaze). A Server-Side Request Forgery (SSRF) vulnerability enables the server to initiate outbound WebSocket connections to arbitrary TCP ports. The issue is evidenced by the application providing a generic “Cannot...
Ericom Access Server 9.2.0 Server-Side Request Forgery Exploit
Ericom Access Server allows attackers to initiate SSRF requests making outbound connections to arbitrary hosts and TCP ports. Attackers, who can reach the AccessNow server can target internal systems that are behind firewalls that are typically not accessible. This can also be used to target...
Ericom Access Server 9.2.0 Server-Side Request Forgery
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/ERICOM-ACCESS-SERVER-ACCESS-NOW-BLAZE-9.2.0-SERVER-SIDE-REQUEST-FORGERY.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.ericom.com Product Ericom Access Server x64...