Base Score

MEDIUM5.9

CVE-2017-14955

Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.

VectorNETWORK

Published Bycve@mitre.org

Published DateOct 02, 2017, 01:29

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

5.9

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE

References

http://mathias-kettner.com/check_mk_werks.php?edition_id=raw&branch=1.2.8
https://mathias-kettner.de/check_mk_werks.php?werk_id=5208&HTML=yes
https://www.exploit-db.com/exploits/43021/

Base Score

MEDIUM5.9

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

5.9

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE