CVE Vulnerability

CVE-2018-10201

An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ... or ..../ or .... as a directory-traversal pattern to TCP port 8667.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://www.kwell.net/kwell_blog/?p=5199 Exploit Third Party Advisory
https://www.kwell.net/kwell/index.php?option=com_newsfeeds&view=newsfeed&id=15&Itemid=173&lang=es Third Party Advisory
https://www.exploit-db.com/exploits/44497/ Exploit Third Party Advisory
https://support.ncomputing.com/portal/kb/articles/ncomputing-health-monitor-server-vulnerability-patch
Configurations

Configuration 1

cpe:2.3:a:ncomputing:vspace_pro:10:*:*:*:*:*:*:*
cpe:2.3:a:ncomputing:vspace_pro:11:*:*:*:*:*:*:*
Information

Published : 2018-04-20 08:29

Updated : 2018-05-16 01:29

NVD link : CVE-2018-10201

Mitre link : CVE-2018-10201

Products Affected
No products.
CWE
CWE-22