CVE-2019-17393
CVE-2019-17393 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. The Customer's Tomedo Server in Version 1.7.3 communicates with the Vendor Tomedo Server over cleartext HTTP, which unauthorized actors can sniff. The connection uses Basic authentication, so the sniffed credentials can be base64-decoded to reveal the username and password. EPSS estimates a 1.84% chance of exploitation in the next 30 days.
Description
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP (in cleartext) that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and password.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tomedo | Server | 1.7.3 |
References
- http://packetstormsecurity.com/files/154873/Tomedo-Server-1.7.3-Information-Disclosure-Weak-Cryptography.html (Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2019/Oct/33 (Mailing List, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
