Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2018-11338

Intuit Lacerte 2017 for Windows in a client/server environment transfers the entire customer list in cleartext over SMB, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. The customer list contains each customer's full name, social security number (SSN), address, job title, phone number, Email address, spouse's phone/Email address, and other sensitive information. After the client software authenticates to the server database, the server sends the customer list. There is no need for further exploitation as all sensitive data is exposed. This vulnerability was validated on Intuit Lacerte 2017, however older versions of Lacerte may be vulnerable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2018-11338
  • Intuit » Lacerte » Version: 1991
    cpe:2.3:a:intuit:lacerte:1991
  • Intuit » Lacerte » Version: 1992
    cpe:2.3:a:intuit:lacerte:1992
  • Intuit » Lacerte » Version: 1993
    cpe:2.3:a:intuit:lacerte:1993
  • Intuit » Lacerte » Version: 1994
    cpe:2.3:a:intuit:lacerte:1994
  • Intuit » Lacerte » Version: 1995
    cpe:2.3:a:intuit:lacerte:1995
  • Intuit » Lacerte » Version: 1996
    cpe:2.3:a:intuit:lacerte:1996
  • Intuit » Lacerte » Version: 1997
    cpe:2.3:a:intuit:lacerte:1997
  • Intuit » Lacerte » Version: 1998
    cpe:2.3:a:intuit:lacerte:1998
  • Intuit » Lacerte » Version: 2000
    cpe:2.3:a:intuit:lacerte:2000
  • Intuit » Lacerte » Version: 2001
    cpe:2.3:a:intuit:lacerte:2001
  • Intuit » Lacerte » Version: 2002
    cpe:2.3:a:intuit:lacerte:2002
  • Intuit » Lacerte » Version: 2003
    cpe:2.3:a:intuit:lacerte:2003
  • Intuit » Lacerte » Version: 2004
    cpe:2.3:a:intuit:lacerte:2004
  • Intuit » Lacerte » Version: 2005
    cpe:2.3:a:intuit:lacerte:2005
  • Intuit » Lacerte » Version: 2006
    cpe:2.3:a:intuit:lacerte:2006
  • Intuit » Lacerte » Version: 2007
    cpe:2.3:a:intuit:lacerte:2007
  • Intuit » Lacerte » Version: 2008
    cpe:2.3:a:intuit:lacerte:2008
  • Intuit » Lacerte » Version: 2009
    cpe:2.3:a:intuit:lacerte:2009
  • Intuit » Lacerte » Version: 2010
    cpe:2.3:a:intuit:lacerte:2010
  • Intuit » Lacerte » Version: 2011
    cpe:2.3:a:intuit:lacerte:2011
  • Intuit » Lacerte » Version: 2012
    cpe:2.3:a:intuit:lacerte:2012
  • Intuit » Lacerte » Version: 2013
    cpe:2.3:a:intuit:lacerte:2013
  • Intuit » Lacerte » Version: 2014
    cpe:2.3:a:intuit:lacerte:2014
  • Intuit » Lacerte » Version: 2015
    cpe:2.3:a:intuit:lacerte:2015
  • Intuit » Lacerte » Version: 2016
    cpe:2.3:a:intuit:lacerte:2016
  • Intuit » Lacerte » Version: 2017
    cpe:2.3:a:intuit:lacerte:2017


Products
Pricing
Contact Us

Shodan ® - All rights reserved