A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response.
Metrics
CVSS Version: 3.1 |
Base Score: 5.9 MEDIUM Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
l➤ Exploitability Metrics: Attack Vector (AV)* NETWORK Attack Complexity (AC)* HIGH Privileges Required (PR)* HIGH User Interaction (UI)* NONE Scope (S)* UNCHANGED
l➤ Impact Metrics: Confidentiality Impact (C)* HIGH Integrity Impact (I)* HIGH Availability Impact (A)* NONE
Weakness Enumeration (CWE)
CWE-ID: CWE-200 CWE Name: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Source: BeyondTrust
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC-ID: CAPEC-410 CAPEC Description: CAPEC-410 Information Elicitation