CVE-2018-10201
Published 2018-04-20
Priority: P271 · high · 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit: public (Exploit-DB, Nuclei template)
EPSS: 45.63% (98.6th percentile)
An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ncomputing | vspace_pro | — | — |
| ncomputing | vspace_pro | — | — |
Detection & IOCs (extracted from sources)
- Exploitation requires no credentials; any unauthenticated GET request to port 8667 with traversal patterns should be treated as suspicious.
- Confirm successful exploitation by checking the HTTP response body for win.ini content markers: 'bit app support', 'fonts', and 'extensions' all present simultaneously.
- Use nmap to identify exposed NcMonitorServer instances: scan for TCP port 8667 open on hosts running NComputing vSpace Pro.
- The traversal depth used in the PoC is 9 levels deep (nine traversal segments) before reaching the target file path; shallower traversal attempts may not escape the web root.
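The first two detection points above can be turned into a log check. The following is an added example, not code from the advisory, the vendor or the indexed templates. The log layout (`client_ip dest_port "request line" status bytes`) and the sample lines are assumptions constructed for illustration, and the matcher goes slightly beyond the listed patterns by also catching plain `../` and percent-encoded forms.

```python
import re
from urllib.parse import unquote

MONITOR_PORT = 8667  # NC Monitor Server port named in the advisory
# Two or more dots as a whole path segment: ../ .../ ..../ and the backslash forms.
TRAVERSAL = re.compile(r"(?:^|[/\\])\.{2,}(?=[/\\])")
WIN_INI_MARKERS = ("bit app support", "fonts", "extensions")
# Assumed (hypothetical) log layout: client_ip dest_port "METHOD target HTTP/x.y" status bytes
LOG_LINE = re.compile(r'^(\S+) (\d+) "([A-Z]+) (\S+) [^"]*" (\d{3}) (\d+)$')

def decode_fully(target, rounds=3):
    """Percent-decode repeatedly so %2e%2e%2f and double-encoded forms are normalised."""
    for _ in range(rounds):
        target = unquote(target)
    return target

def traversal_depth(target):
    """Number of dot-run segments in the request target after decoding."""
    return len(TRAVERSAL.findall(decode_fully(target)))

def body_discloses_win_ini(body):
    """True only when all three win.ini markers appear together in a response body."""
    lowered = body.lower()
    return all(marker in lowered for marker in WIN_INI_MARKERS)

def scan(lines):
    """Return (client_ip, depth, status, target) for suspicious requests to the monitor port."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        ip, port, _method, target, status, _size = m.groups()
        depth = traversal_depth(target)
        if int(port) == MONITOR_PORT and depth > 0:
            hits.append((ip, depth, int(status), target))
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 8667 "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.9 8667 "GET /' + '.../' * 9 + 'windows/win.ini HTTP/1.1" 200 403',
    '203.0.113.9 8667 "GET /%2e%2e%2e%5c%2e%2e%2e%5cwindows%5cwin.ini HTTP/1.1" 404 0',
    '198.51.100.7 443 "GET /docs/../img/logo.png HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A hit with status 200 is the one to escalate first; where response bodies are captured (proxy or packet capture), `body_discloses_win_ini` applies the three-marker confirmation from the list above.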
CVSS provenance
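| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |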
No detection rules found.
Exploit-DB
Ncomputing vSpace Pro 10/11 - Directory Traversal
exploitdb·2018-04-23·CVSS 7.5
---
# Exploit Title: Ncomputing vSpace Pro v10 and v11 - Directory Traversal Vulnerability
# Date: 2018-04-20
# Software Vendor: NComputing
# Software Link:
# Author: Javier Bernardo
# Contact: [email protected]
# Website: http://www.kwell.net
# CVE: CVE-2018-10201
# Category: Webapps
#[Description]
#
#It is possible to read arbitrary files outside the root directory of
#the web server. This vulnerability could be exploited remotely by a
#crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a
#directory-traversal pattern to TCP port 8667.
#
#An attacker can make use of this vulnerability to step out of the root
#directory and access other parts of the file system. This might give
#the attacker the ability to view restricted fil
Nuclei
Ncomputing vSPace Pro 10 and 11 - Directory Traversal
nuclei·CVSS 7.5
Ncomputing vSpace Pro versions 10 and 11 suffer from a directory traversal vulnerability.
Template:
```yaml
id: CVE-2018-10201
info:
  name: Ncomputing vSPace Pro 10 and 11 - Directory Traversal
  author: 0x_akoko
  severity: high
  description: Ncomputing vSpace Pro versions 10 and 11 suffer from a directory traversal vulnerability.
  impact: |
    Successful exploitation of this vulnerability allows an attacker to read arbitrary files from the target system.
  remediation: |
    Apply the latest security patches or updates provided by Ncomputing to fix the directory traversal vulnerability.
  reference:
    - https://packetstormsecurity.com/files/147303/Ncomputing-vSPace-Pro-10-11-Directory-Traversal.html
    - https://nvd.nist.gov/vuln/detail/CVE-2018-10201
    - http://
```
No writeups or analysis indexed.
References:
- http://www.kwell.net/kwell_blog/?p=5199
- https://support.ncomputing.com/portal/kb/articles/ncomputing-health-monitor-server-vulnerability-patch
- https://www.exploit-db.com/exploits/44497/
- https://www.kwell.net/kwell/index.php?option=com_newsfeeds&view=newsfeed&id=15&Itemid=173&lang=es