    2 vulnerabilities found for eco_dc by aten

    CVE-2025-6685 (GCVE-0-2025-6685)

    Vulnerability from nvd – Published: 2025-09-02 19:48 – Updated: 2025-09-02 20:09
    Title
    ATEN eco DC Missing Authorization Privilege Escalation Vulnerability
    Summary
    ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The issue results from the lack of validating the assigned user role when handling requests. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-26647.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    zdi
    References
    Impacted products
    Vendor: ATEN
    Product: eco DC
    Version: Affected: 1.2.115
    Date Public
    2025-07-24 21:30

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6685",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-02T20:09:30.564124Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-02T20:09:52.349Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "eco DC",
              "vendor": "ATEN",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.2.115"
                }
              ]
            }
          ],
          "dateAssigned": "2025-06-25T21:26:37.264Z",
          "datePublic": "2025-07-24T21:30:13.653Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the web-based interface. The issue results from the lack of validating the assigned user role when handling requests. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-26647."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-02T19:48:33.089Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-25-650",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-650/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.aten.com/global/en/supportcenter/info/security-advisory/25/"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Vu Khanh Trinh (@_Sonicrr) from VNPT Cyber Immunity"
          },
          "title": "ATEN eco DC Missing Authorization Privilege Escalation Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2025-6685",
        "datePublished": "2025-09-02T19:48:33.089Z",
        "dateReserved": "2025-06-25T21:26:37.237Z",
        "dateUpdated": "2025-09-02T20:09:52.349Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6685 (GCVE-0-2025-6685)

    Vulnerability from cvelistv5 – Published: 2025-09-02 19:48 – Updated: 2025-09-02 20:09