Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-10201

An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667.

Published

2018-04-20T08:29:00.240

Last Modified

2024-11-21T03:41:00.460

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ncomputing	vspace_pro	10	Yes
Application	ncomputing	vspace_pro	11	Yes

References

http://www.kwell.net/kwell_blog/?p=5199 Exploit, Third Party Advisory ([email protected])
https://support.ncomputing.com/portal/kb/articles/ncomputing-health-monitor-server-vulnerability-patch ([email protected])
https://www.exploit-db.com/exploits/44497/ Exploit, Third Party Advisory, VDB Entry ([email protected])
https://www.kwell.net/kwell/index.php?option=com_newsfeeds&view=newsfeed&id=15&Itemid=173&lang=es Third Party Advisory ([email protected])
http://www.kwell.net/kwell_blog/?p=5199 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.ncomputing.com/portal/kb/articles/ncomputing-health-monitor-server-vulnerability-patch (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/44497/ Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.kwell.net/kwell/index.php?option=com_newsfeeds&view=newsfeed&id=15&Itemid=173&lang=es Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)