Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TLS Private Key Accessible to External Parties
Vulnerability Description
A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
Vulnerability Type
对外部实体的文件或目录可访问
Vulnerability Title
TYAN Tempest CX S5552 安全漏洞
Vulnerability Description
TYAN Tempest CX S5552是TYAN公司的用于 Xeon E 系列的服务器主板。 TYAN Tempest CX S5552 3.00版本存在安全漏洞,该漏洞源于Web 界面中存在外部可访问的文件或目录,允许未经身份验证的远程攻击者通过强制浏览检索 BMC 使用的 TLS 证书的私钥。
CVSS Information
N/A
Vulnerability Type
N/A