CVE-2019-14476
Description
AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server. Every user can trick the server into performing SMB requests to other systems.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
AdRem NetCrunch 10.6.0.4587 allows authenticated users to perform SSRF attacks, tricking the server into making SMB requests to other systems.
Vulnerability
AdRem NetCrunch 10.6.0.4587 contains a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server. Any authenticated user can cause the server to initiate SMB requests to arbitrary hosts. The issue is fixed in version 10.6.1.4607 [1].
Exploitation
An attacker with valid credentials can send a request to open an SMB share (e.g., \\attacker-controlled\share). The server will attempt to connect, potentially leaking internal network information or accessing files on accessible shares [1].
Impact
Successful exploitation enables limited internal network scanning and access to files on SMB shares reachable by the server. The attacker cannot directly execute code but can gather intelligence for further attacks [1].
Mitigation
Upgrade to NetCrunch version 10.6.1.4607 or later. No workarounds are documented; apply the vendor patch promptly [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- AdRem/NetCrunchdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- compass-security.com/fileadmin/Research/Advisories/2020-10_CSNC-2019-011_AdRem_NetCrunch_Server-Side_Request_Forgery_SSRF.txtmitrex_refsource_MISC
- www.adremsoft.com/support/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.