CVE-2018-10201 Information

Description

An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials with …/ or …\ or …./ or ….\ as a directory-traversal pattern to TCP port 8667.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.kwell.net/kwell_blog/?p=5199 https://support.ncomputing.com/portal/kb/articles/ncomputing-health-monitor-server-vulnerability-patch https://www.exploit-db.com/exploits/44497/ https://www.kwell.net/kwell/index.php?option=com_newsfeeds&view=newsfeed&id=15&Itemid=173&lang=es

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5