← volver
CVE-2017-9978

CVE-2017-9978

EPSS 4.7%
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames.
Productos afectados
n/a · n/a
PoCs públicas encontradas3
cve_referencepacketstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.htmlno verificadocve_referencewww.exploit-db.com/exploits/42517/no verificadoexploitdbwww.exploit-db.com/exploits/42517no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/143780/OSNEXUS-QuantaStor-4-Information-Disclosure.htmlhttp://seclists.org/fulldisclosure/2017/Aug/23https://www.exploit-db.com/exploits/42517/http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt