CVE-2016-5810
moderate-risk
Published 2017-05-02
upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors.
Do I need to act?
!
25.4% chance of exploitation in next 30 days
EPSS score — higher than 75% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.9/10
Medium
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (4)
Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-16-429
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01
Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-16-429
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-173-01
40
/ 100
moderate-risk
Severity
20/34 · Moderate
Exploitability
15/34 · Moderate
Exposure
5/34 · Minimal