Vulnerabilities > CVE-2014-2950 - Unauthorized Access vulnerability in Datum Systems PSM-4500 and PSM-500 Series

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
NONE
Availability impact
NONE
network
low complexity
datumsystems

Summary

Datum Systems SnIP on PSM-500 and PSM-4500 devices does not require authentication for FTP sessions, which allows remote attackers to obtain sensitive information via RETR commands. <a href="http://cwe.mitre.org/data/definitions/220.html" target="_blank">CWE-220: Sensitive Data Under FTP Root</a>

Vulnerable Configurations

Part Description Count
OS
Datumsystems
2