Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Server Spoofing Vulnerability in NxCloud
Vulnerability Description
An issue was discovered by IPVM team in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As result, it was possible to retrieve authorization headers from legitimate users when the legitimate client connects to the fake VMS server.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
使用欺骗进行的认证绕过
Vulnerability Title
Network Optix NxCloud 安全漏洞
Vulnerability Description
Network Optix NxCloud是美国Network Optix公司的一款应用程序。用于为设计和制造提供高性能功能。 Network Optix NxCloud 23.1.0.40440 之前版本存在安全漏洞,该漏洞源于通过使用合法 VMS 服务器的准确标识,可以将虚假 VMS 服务器添加到 NxCloud,因此,当合法客户端连接到假 VMS 服务器时,攻击者可以检索用户授权标头,攻击者利用该漏洞可以执行中间人攻击并劫持对 VMS 服务器的访问。
CVSS Information
N/A
Vulnerability Type
N/A