CVE-2018-10201 Information
Share on:
Feb 14, 2021
cve
Description
An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials with …/ or …\ or …./ or ….\ as a directory-traversal pattern to TCP port 8667.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
http://www.kwell.net/kwell_blog/?p=5199 https://support.ncomputing.com/portal/kb/articles/ncomputing-health-monitor-server-vulnerability-patch https://www.exploit-db.com/exploits/44497/ https://www.kwell.net/kwell/index.php?option=com_newsfeeds&view=newsfeed&id=15&Itemid=173&lang=es
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
7.5