CVE-2017-3222

EUVD-2017-12343
Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
inmarsatamosconnect
8.0
inmarsatamosconnect
8.0.1
inmarsatamosconnect
8.0.2
inmarsatamosconnect
8.2.0
inmarsatamosconnect
8.2.1
inmarsatamosconnect
8.2.2
inmarsatamosconnect
8.3.0
inmarsatamosconnect
8.3.1
inmarsatamosconnect
8.4.0
inmarsatamosconnect
8.4.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.inmarsat.com/news/inmarsat-response-to-ioactive-claims/
http://www.securityfocus.com/bid/99899
https://twitter.com/mkolsek/status/923988845783322625
https://www.kb.cert.org/vuls/id/586501
http://www.inmarsat.com/news/inmarsat-response-to-ioactive-claims/
http://www.securityfocus.com/bid/99899
https://twitter.com/mkolsek/status/923988845783322625
https://www.kb.cert.org/vuls/id/586501