CVE-2017-14971 Information

Description

Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Microsoft Office document containing a link that has a UNC pathname associated with an attacker-controller server. In one specific scenario the attacker provides an Excel spreadsheet and the attacker-controller server receives the victim’s NetNTLMv2 hash.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Reference

https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/InFocus20Mondopad203C202.2.0820-20CVE-2017-14971

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.5