CVE-2018-10174 - Server-Side Request Forgery (SSRF) vulnerability in Digitalguardian Management Console 7.1.2.0015

CVSS 6.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, digitalguardian, CWE-918

Summary

Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role.

Vulnerable Configurations

Part | Description | Count
Application | Digitalguardian | 1

Common Weakness Enumeration (CWE)

Packetstorm

data source: https://packetstormsecurity.com/files/download/147260/dgmc-ssrf.txt
id: PACKETSTORM:147260
last seen: 2018-04-19
published: 2018-04-19
reporter: Pawel Gocyla
source: https://packetstormsecurity.com/files/147260/Digital-Guardian-Management-Console-7.1.2.0015-Server-Side-Request-Forgery.html
title: Digital Guardian Management Console 7.1.2.0015 Server Side Request Forgery