Description

AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1.1.2 allows a remote, authenticated user to open ports in the local system firewall by crafting an HTTP(S) request directly to the applicable API endpoint (despite not having permission to make changes to the system's network configuration).

Related CPE's

a

cubecoders

amp

Vulnerable

References

https://github.com/CubeCoders/AMP/issues/443

ExploitThird Party Advisory

https://github.com/CubeCoders/AMP/issues/443

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-863

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.5 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-04-30T18:15:09.363Z

4 years ago

Last modified

2024-11-21T05:06:31.640Z

1 year ago