Aggregates CVE and security vulnerability intelligence across all ingeteam-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk input validation and vendor risk path handling; exposure may include vendor impact unexpected behavior and vendor impact file overwrite in vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-3770 | Incorrect validation vulnerability of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol (1925/UDP) to obtain device-specific information without the need for authentication. | [email protected] | 5.3 | 0.10% | 2023-10-02 | 2024-11-21 |
| CVE-2023-3769 | Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services. | [email protected] | 8.6 | 0.13% | 2023-10-02 | 2024-11-21 |
| CVE-2023-3768 | Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services. | [email protected] | 8.6 | 0.13% | 2023-10-02 | 2024-11-21 |
| CVE-2017-20007 | Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device´s web service could exploit this vulnerability in order to obtain different configuration files. | [email protected] | 5.3 | 0.29% | 2021-10-25 | 2024-11-21 |