CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
AI Score
Confidence
Low
torchserve, is vulnerable to Exposure of Resource to Wrong Sphere. The vulnerability is due to the gRPC
ports 7070 and 7071 being bound to all interfaces by default when TorchServe is launched. This could allow attackers to access these ports on an adjacent network, potentially leading to unauthorized access.