LiveAction LiveNX AWS Credential Disclosure Vulnerability
2022-1-20 04:56:33 Author: blog.exodusintel.com(查看原文) 阅读量:21 收藏

EIP-7d4ec9e3

Several versions of LiveAction LiveNX network monitoring software contain Amazon Web Services (AWS) credentials. These credentials have privileged access to the LiveAction AWS infrastructure. A remote attacker may abuse these credentials to gain access to LiveAction internal resources.

Vulnerability Identifiers

  • Exodus Intelligence: EIP-7d4ec9e3
  • MITRE CVE: N/A

Vulnerability Metrics

  • CVSSv2 Score: 10

Vendor References

  • This vulnerability has been address in LiveAction LiveNX version 21.4.0

Discovery Credit

  • Exodus Intelligence

Disclosure Timeline

  • Disclosed to affected vendor: July 1st, 2021
  • Disclosed to public: January 19th, 2022

Further Information

Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at [email protected].

Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program.


文章来源: https://blog.exodusintel.com/2022/01/19/liveaction-livenx-aws-credential-disclosure-vulnerability/?utm_source=rss&utm_medium=rss&utm_campaign=liveaction-livenx-aws-credential-disclosure-vulnerability
如有侵权请联系:admin#unsafe.sh