vulnerability

CVE-2023-2991: Remote hard drive serial number disclosure

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:H/Au:N/C:P/I:N/A:N)	Jun 22, 2023	Jun 22, 2023	Jul 4, 2023

Severity

CVSS

(AV:N/AC:H/Au:N/C:P/I:N/A:N)

Published

Jun 22, 2023

Added

Jun 22, 2023

Modified

Jul 4, 2023

Description

The hard drive serial number of the server hosting a Globalscape EFT instance can be derived by requesting a TER ("trial extension request") identifier.

Solution

globalscape-eft-cve-2023-2991

References

CVE-2023-2991
https://attackerkb.com/topics/CVE-2023-2991
https://kb.globalscape.com/Knowledgebase/11589/Is-EFT-susceptible-to-the-Remotely-obtain-HDD-serial-number-vulnerability
https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today