MAXHUB Pivot Client Application
Summary
A vulnerability in MAXHUB Pivot client application versions prior to v1.36.2 allows attackers to access tenant email addresses and associated information in cleartext or cause a denial-of-service condition. Exploitation can occur by decrypting data using a hardcoded AES key or by enrolling unauthorized devices.
IFF Assessment
The vulnerability allows attackers to gain access to sensitive information and disrupt operations, posing a direct threat to defenders.
Severity
The CVSS score of 7.3 reflects the potential for cleartext access to sensitive data (Confidentiality Impact: High) and for service disruption (Availability Impact: High), combined with an easily exploitable attack vector.
Defender Context
This alert highlights a critical vulnerability in the MAXHUB Pivot client application that exposes tenant email addresses and can lead to denial-of-service conditions. Defenders should prioritize updating affected systems to v1.36.2 or newer to mitigate these risks. Organizations should also watch for unauthorized device enrollments and review their encryption practices for sensitive data.