vulnerability
CVE-2023-2991: Remote hard drive serial number disclosure
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:H/Au:N/C:P/I:N/A:N) | Jun 22, 2023 | Jun 22, 2023 | Jul 4, 2023 |
Severity
4
CVSS
(AV:N/AC:H/Au:N/C:P/I:N/A:N)
Published
Jun 22, 2023
Added
Jun 22, 2023
Modified
Jul 4, 2023
Description
The hard drive serial number of the server hosting a Globalscape EFT instance can be derived by requesting a TER ("trial extension request") identifier.
Solution
globalscape-eft-cve-2023-2991
References
- CVE-2023-2991
- https://attackerkb.com/topics/CVE-2023-2991
- URL-https://kb.globalscape.com/Knowledgebase/11589/Is-EFT-susceptible-to-the-Remotely-obtain-HDD-serial-number-vulnerability
- URL-https://www.rapid7.com/blog/post/2023/06/22/multiple-vulnerabilities-in-fortra-globalscape-eft-administration-server-fixed/
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.