EIP-7d4ec9e3
Several versions of LiveAction LiveNX network monitoring software contain Amazon Web Services (AWS) credentials. These credentials have privileged access to the LiveAction AWS infrastructure. A remote attacker may abuse these credentials to gain access to LiveAction internal resources.
Vulnerability Identifiers
- Exodus Intelligence: EIP-7d4ec9e3
- MITRE CVE: N/A
Vulnerability Metrics
- CVSSv2 Score: 10
Vendor References
- This vulnerability has been address in LiveAction LiveNX version 21.4.0
Discovery Credit
- Exodus Intelligence
Disclosure Timeline
- Disclosed to affected vendor: July 1st, 2021
- Disclosed to public: January 19th, 2022
Further Information
Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com.
Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program.