CVSS: 8.1EPSS: 5%CPEs: 1EXPL: 3CVE-2018-12520 – ntop-ng < 3.4.180617 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2018-12520
An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard library in use by the host running the service and the username of the user whose session they're targeting can abuse the deterministic random number generation in order to hijack the user's session, thus escalating their access. Se ha descubierto un problema en ntopng, en versiones 3.4 anteriores a la 3.4.180617. • https://www.exploit-db.com/exploits/44973 http://seclists.org/fulldisclosure/2018/Jul/14 https://gist.github.com/Psychotropos/3e8c047cada9b1fb716e6a014a428b7f https://github.com/ntop/ntopng/commit/30610bda60cbfc058f90a1c0a17d0e8f4516221a • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7458
https://notcve.org/view.php?id=CVE-2017-7458
The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address. La función NetworkInterface::getHost en NetworkInterface.cpp en ntopng en versiones anteriores a la 3.0 permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL y cierre inesperado de la aplicación) mediante un campo vacío que debería haber contenido un nombre de host o una dirección IP. • https://github.com/ntop/ntopng/blob/3.0/CHANGELOG.md https://github.com/ntop/ntopng/commit/01f47e04fd7c8d54399c9e465f823f0017069f8f • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7459
https://notcve.org/view.php?id=CVE-2017-7459
ntopng before 3.0 allows HTTP Response Splitting. ntopng en versiones anteriores a la 3.0 permite la separación de respuesta HTTP. • https://github.com/ntop/ntopng/blob/3.0/CHANGELOG.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7416
https://notcve.org/view.php?id=CVE-2017-7416
ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated. ntopng en versiones anteriores a la 3.0 permite Cross-Site Scripting (XSS) debido a que los parámetros GET y POST se validan de forma incorrecta. • https://github.com/ntop/ntopng/blob/3.0/CHANGELOG.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5473 – NTOPNG 2.4 Web Interface - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-5473
Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua. Vulnerabilidad de CSRF en ntopng hasta la versión 2.4 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, según lo demostrado por admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua y admin/password_reset.lua. ntopng Web Interface version 2.4.160627 suffers from a cross site request forgery token bypass vulnerability. • https://www.exploit-db.com/exploits/41141 http://www.securityfocus.com/bid/95654 https://github.com/ntop/ntopng/commit/1b2ceac8f578a246af6351c4f476e3102cdf21b3 https://github.com/ntop/ntopng/commit/f91fbe3d94c8346884271838ae3406ae633f6f15 • CWE-352: Cross-Site Request Forgery (CSRF) •