Impact
The MSI NBFoundation Service v.2.0.2506.1201 contains a CWE-200 insecure permissions flaw that allows a remote attacker to obtain sensitive information encoded with 3DES-ECB. The vulnerability stems from improper access control. Based on the description, it is inferred that this flaw enables attackers to read or extract confidential data, thereby compromising confidentiality.
Affected Systems
The affected product is MSI NBFoundation Service version 2.0.2506.1201. No other vendors or versions are listed.
Risk and Exploitability
The EPSS score of < 1% and absence from KEV indicate limited publicly known exploitation. The CVSS score of 7.5 indicates high severity, meaning the vulnerability could have a considerable impact if exploited. Based on the provided details, it appears that attackers can retrieve encrypted data without overt intrusion. The high severity assessment warrants cautious mitigation.
OpenCVE Enrichment