CVE-2017-20217

EUVD-2017-18928
Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrieve potentially sensitive configuration data without authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
VulnCheckCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
http://www.securitylab.ru/poc/486048.php
https://blogs.securiteam.com/index.php/archives/3094
https://cxsecurity.com/issue/WLB-2017050022
https://exchange.xforce.ibmcloud.com/vulnerabilities/125646
https://packetstormsecurity.com/files/142383
https://www.exploit-db.com/exploits/41958/
https://www.vulncheck.com/advisories/serviio-pro-rest-api-information-disclosure
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5404.php