漏洞标题
Claroty Secure Remote Access Site - 通过备用路径或通道进行身份验证绕过
漏洞描述信息
Claroty Secure Remote Access Site - 使用备用路径或通道进行身份验证绕过
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
漏洞类别
N/A
漏洞标题
Claroty Secure Remote Access Site - Authentication Bypass Using an Alternate Path or Channel
漏洞描述信息
Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). With access to the web UI an attacker can access assets managed by the SRA installation and could compromise the installation.
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
漏洞类别
使用候选路径或通道进行的认证绕过
漏洞标题
Claroty Secure Remote Access 安全漏洞
漏洞描述信息
Claroty Secure Remote Access是美国Claroty公司的Claroty 平台的一个核心组件,为 OT 环境提供无摩擦、可靠且高度安全的远程访问。 Claroty Secure Remote Access 存在安全漏洞,该漏洞允许他们为web用户界面(UI)生成有效的会话令牌。
CVSS信息
N/A
漏洞类别
其他