Описание
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.
Ссылки
- US Government Resource
- US Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 9.22 (включая)
Одно из
cpe:2.3:a:iconics:genesis32:*:*:*:*:*:*:*:*
cpe:2.3:a:iconics:genesis32:8.05:*:*:*:*:*:*:*
cpe:2.3:a:iconics:genesis32:9.0:*:*:*:*:*:*:*
cpe:2.3:a:iconics:genesis32:9.1:*:*:*:*:*:*:*
cpe:2.3:a:iconics:genesis32:9.01:*:*:*:*:*:*:*
cpe:2.3:a:iconics:genesis32:9.2:*:*:*:*:*:*:*
cpe:2.3:a:iconics:genesis32:9.13:*:*:*:*:*:*:*
cpe:2.3:a:iconics:genesis32:9.20:*:*:*:*:*:*:*
cpe:2.3:a:iconics:genesis32:9.21:*:*:*:*:*:*:*
Конфигурация 2Версия до 9.22 (включая)
Одно из
cpe:2.3:a:iconics:bizviz:*:*:*:*:*:*:*:*
cpe:2.3:a:iconics:bizviz:8.05:*:*:*:*:*:*:*
cpe:2.3:a:iconics:bizviz:9.0:*:*:*:*:*:*:*
cpe:2.3:a:iconics:bizviz:9.01:*:*:*:*:*:*:*
cpe:2.3:a:iconics:bizviz:9.1:*:*:*:*:*:*:*
cpe:2.3:a:iconics:bizviz:9.2:*:*:*:*:*:*:*
cpe:2.3:a:iconics:bizviz:9.13:*:*:*:*:*:*:*
cpe:2.3:a:iconics:bizviz:9.20:*:*:*:*:*:*:*
cpe:2.3:a:iconics:bizviz:9.21:*:*:*:*:*:*:*
EPSS
Процентиль: 8%
0.00031
Низкий
4.4 Medium
CVSS2
Дефекты
CWE-310
Связанные уязвимости
github
больше 3 лет назад
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response.
EPSS
Процентиль: 8%
0.00031
Низкий
4.4 Medium
CVSS2
Дефекты
CWE-310