EIP-7d4ec9e3

Several versions of LiveAction LiveNX network monitoring software contain Amazon Web Services (AWS) credentials. These credentials have privileged access to the LiveAction AWS infrastructure. A remote attacker may abuse these credentials to gain access to LiveAction internal resources.

Vulnerability Identifiers

• Exodus Intelligence: EIP-7d4ec9e3
• MITRE CVE: N/A

Vulnerability Metrics

• CVSSv2 Score: 10

Vendor References

• This vulnerability has been address in LiveAction LiveNX version 21.4.0

Discovery Credit

• Exodus Intelligence

Disclosure Timeline

• Disclosed to affected vendor: July 1st, 2021
• Disclosed to public: January 19th, 2022

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected].

Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program.