Vulnerability Description
Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debugger-pause state during the authentication process.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Skyboxsecurity | Skybox Manager Client Application | <= 8.5.500 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101069Third Party AdvisoryVDB Entry
- https://lp.skyboxsecurity.com/rs/440-MPQ-510/images/Skybox_Product_Security_AdviVendor Advisory
- http://www.securityfocus.com/bid/101069Third Party AdvisoryVDB Entry
- https://lp.skyboxsecurity.com/rs/440-MPQ-510/images/Skybox_Product_Security_AdviVendor Advisory
FAQ
What is CVE-2017-14770?
CVE-2017-14770 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Skybox Manager Client Application prior to 8.5.501 is prone to an information disclosure vulnerability of user password hashes. A local authenticated attacker can access the password hashes in a debug...
How severe is CVE-2017-14770?
CVE-2017-14770 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-14770?
Check the references section above for vendor advisories and patch information. Affected products include: Skyboxsecurity Skybox Manager Client Application.