CVE-2015-1173 : Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly rest

Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges via crafted "received parameters."

Published 2015-09-16 18:59:02

Updated 2015-09-17 18:43:36

Source MITRE

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2015-1173

Unit4 » Teta Web
Versions up to, including, (<=) 22.62.3.4
cpe:2.3:a:unit4:teta_web:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-1173

EPSS FAQ

0.53%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 65 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-1173

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2015-1173

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-1173

http://packetstormsecurity.com/files/133147/UNIT4TETA-TETA-WEB-22.62.3.4-Authorization-Bypass.html

UNIT4TETA TETA WEB 22.62.3.4 Authorization Bypass ≈ Packet Storm
http://seclists.org/fulldisclosure/2015/Aug/68

Full Disclosure: UNIT4TETA TETA WEB - Authorization Bypass vulnerability

Jump to

Vulnerability Details : CVE-2015-1173

Products affected by CVE-2015-1173

Exploit prediction scoring system (EPSS) score for CVE-2015-1173

CVSS scores for CVE-2015-1173

CWE ids for CVE-2015-1173

References for CVE-2015-1173