Summaryinfo

A vulnerability classified as problematic was found in Aquaforest TIFF Server 4.0. This vulnerability affects unknown code of the component UNC Handler. The manipulation leads to insufficiently protected credentials. This vulnerability was named CVE-2020-9324. The attack can be initiated remotely. There is no exploit available. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Detailsinfo

A vulnerability classified as problematic has been found in Aquaforest TIFF Server 4.0. This affects some unknown functionality of the component UNC Handler. The manipulation with an unknown input leads to a insufficiently protected credentials vulnerability. CWE is classifying the issue as CWE-522. The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. This is going to have an impact on confidentiality. The summary by CVE is:

Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC.

The weakness was shared 03/18/2020. This vulnerability is uniquely identified as CVE-2020-9324 since 02/20/2020. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1552 according to MITRE ATT&CK.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entries VDB-151840 and VDB-151838 are related to this item. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Vendor

• Aquaforest

Name

• TIFF Server

Version

• 4.0

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion