Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55.
Las manipulaciones remotas en el actualizador de paquetes de idioma permiten un ataque de relevo de autenticaciĆ³n NTLM (NTLM-relay) al usuario del sistema en los productos HASP SRM, Sentinel HASP y Sentinel LDK de Gemalto anteriores a la versiĆ³n 7.55 de Sentinel LDK RTE.
AV:N/AC:L/Au:N/C:P/I:P/A:P
| Access Vector | NETWORK |
|---|---|
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-287
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| sentinel | sentinel_ldk_rte_firmware | * | <built-in method update of dict object at 0x72a9cd086a80> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:sentinel:sentinel_ldk_rte_firmware:*:*:*:*:*:*:*:* |