Skip to main content

Neuvector

1 CVEs product

Monthly

CVE-2019-19747 CRITICAL POC Act Now

NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Neuvector
NVD
CVSS 3.1
9.8
EPSS
1.4%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

NeuVector 3.1 when configured to allow authentication via Active Directory, does not enforce non-empty passwords which allows an attacker with access to the Neuvector portal to authenticate as any. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Neuvector
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy