This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Kofax Capture has a critical **Access Control Error**. It exposes a .NET Remoting HTTP channel without authentication.β¦
π‘οΈ **Root Cause**: **CWE-306** (Missing Authentication for Critical Function). The flaw lies in exposing a .NET Remoting endpoint via HTTP that requires **NO identity verification**.β¦
π’ **Affected Vendor**: Tungsten Automation (Kofax). π¦ **Product**: Kofax Capture. π **Version**: Specifically **6.0.0.0**. If you run this version, you are in the danger zone! β οΈ
Q4What can hackers do? (Privileges/Data)
π **Attacker Capabilities**: 1. π **Read**: Extract ANY file from the server filesystem. 2. βοΈ **Write**: Drop attacker-controlled files anywhere. 3.β¦
π£ **Public Exploit**: Yes. A technical description and PoC are available on GitHub (Gist by VAMorales). Third-party advisories confirm the exploitability. Wild exploitation is highly likely given the low barrier. π
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Scan for open **.NET Remoting HTTP channels** on default ports. Look for unauthenticated access to Kofax Capture endpoints.β¦
π₯ **Urgency**: **CRITICAL (P1)**. CVSS Score is **9.1** (High). Remote code execution/file manipulation without auth is a nightmare. Patch or mitigate **IMMEDIATELY**. Do not wait! β³