CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-14971

Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Microsoft Office document containing a link that has a UNC pathname associated with an attacker-controller server. In one specific scenario, the attacker provides an Excel spreadsheet, and the attacker-controller server receives the victim's NetNTLMv2 hash.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.8%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 4.3

References

https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/InFocus%20Mondopad%20%3C%202.2.08%20-%20CVE-2017-14971
https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/InFocus%20Mondopad%20%3C%202.2.08%20-%20CVE-2017-14971

Products affected by CVE-2017-14971

Infocuscorp » Infocus Mondopad » Version: 2.2.08

cpe:2.3:a:infocuscorp:infocus_mondopad:2.2.08

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-14971

Products

Pricing

Contact Us