CVE-2019-17240

3.7LOW

Key Information:

Vendor
Bludit
Status
Bludit
Vendor
CVE Published:
6 October 2019

Badges

👾 Exploit Exists🟡 Public PoC

Summary

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-17240
Created by pingport80

bludit-CVE-2019-17240
Created by jayngng

CVE-2019-17240_Bludit-BF-Bypass
Created by ColdFusionX

References

https://rastating.github.io/bludit-brute-force-mitigation...
x_refsource_MISC
https://github.com/bludit/bludit/pull/1090
x_refsource_MISC
http://packetstormsecurity.com/files/158875/Bludit-3.9.2-...
x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.