Описание
FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication.
Ссылки
- Product
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:iwt:facesentry_access_control_system_firmware:5.7.0:*:*:*:*:*:*:*
cpe:2.3:h:iwt:facesentry_access_control_system:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:iwt:facesentry_access_control_system_firmware:5.7.2:*:*:*:*:*:*:*
cpe:2.3:h:iwt:facesentry_access_control_system:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:iwt:facesentry_access_control_system_firmware:6.4.8:*:*:*:*:*:*:*
cpe:2.3:h:iwt:facesentry_access_control_system:-:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00394
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-798
Связанные уязвимости
CVSS3: 7.5
github
около 1 месяца назад
FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication.
EPSS
Процентиль: 60%
0.00394
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-798