CVE-2017-15366

{"id": "CVE-2017-15366", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-10-26T20:29:00.420", "references": [{"url": "https://gist.github.com/emptythevoid/84248daccce8737f1cdd5b395cf6f32c", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devices (if no firewall is present) or the NDoc server itself. Once the password is known to an attacker, local access is not required."}, {"lang": "es", "value": "En versiones anteriores a la 8.0 de Thornberry NDoc, los clientes de ordenador port\u00e1til y el servidor tienen usuarios por defecto de la base de datos (Cache) establecidos con una \u00fanica contrase\u00f1a. La contrase\u00f1a se deja en un archivo de registro en texto claro durante la instalaci\u00f3n del cliente en ordenadores port\u00e1tiles. La contrase\u00f1a puede emplearse para obtener el acceso total admin/system a dispositivos cliente (si no existe firewall) o al propio servidor de NDoc. Una vez que un atacantes sepa una contrase\u00f1a, no es necesario acceder de forma local."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ndocsoftware:ndoc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0796F6AC-5A92-4A1B-A24F-0DF3197D6C7A", "versionEndIncluding": "7.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}