Several versions of LiveAction LiveNX network monitoring software contain Amazon Web Services (AWS) credentials. These credentials have privileged access to the LiveAction AWS infrastructure. A remote attacker may abuse these credentials to gain access to LiveAction internal resources.
- Exodus Intelligence: EIP-7d4ec9e3
- MITRE CVE: N/A
- CVSSv2 Score: 10
- This vulnerability has been address in LiveAction LiveNX version 21.4.0
- Exodus Intelligence
- Disclosed to affected vendor: July 1st, 2021
- Disclosed to public: January 19th, 2022
Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at firstname.lastname@example.org.
Researchers who are interested in monetizing their 0Day and NDay can work with us through our Research Sponsorship Program.