Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-12772

An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the (NT)LM hashes of the user are sent with the HTTP request. This allows an attacker to collect these hashes, crack them, and potentially compromise the computer. (ROAR can be configured for automatic access. Also, access can occur if the user clicks.)

Published

2020-05-12T20:15:11.723

Last Modified

2024-11-21T05:00:15.667

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	igniterealtime	spark	2.8.3	Yes
Operating System	microsoft	windows	-	No

References

https://github.com/theart42/cves/blob/master/cve-2020-12772/CVE-2020-12772.md Exploit, Third Party Advisory ([email protected])
https://github.com/theart42/cves/blob/master/cve-2020-12772/CVE-2020-12772.md Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)