Strix
26.1K

CVE-2018-10174

UnknownEPSS 1.20%

Last modified

CVE-2018-10174 is a vulnerability of currently unknown severity. Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role.. EPSS estimates a 1.20% chance of exploitation in the next 30 days.

Description

Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role.

Metrics

EPSS Probability
1.20%

64.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
DigitalguardianManagement Console7.1.2.0015

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2018-10174?
Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role.
How severe is CVE-2018-10174?
Severity scoring for CVE-2018-10174 is pending analysis. The EPSS model estimates a 1.20% probability of exploitation in the next 30 days.
How do I fix CVE-2018-10174?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-10174?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST