CVE-2019-16061

Published: Mar 19, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system to read sensitive data (e.g., .htpasswd) and create/modify/delete content (e.g., under /var/www/html/docs) within the operating system.

Affected (1)

Products: Netsas: Enigma Network Management Solution

1 product

Enigma Network Management Solution

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Netsas Enigma Network Management Solution	Up to 65.0.0

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://www.mogozobo.com/?p=3647

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.mogozobo.com/?p=3647

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.