CVE-2019-7666

Опубликовано: 01 июл. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Средний

Описание

Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password.

Ссылки

http://packetstormsecurity.com/files/155262/Prima-FlexAir-Access-Control-2.3.35-Database-Backup-Predictable-Name.html
Exploit
Third Party Advisory
VDB Entry
https://applied-risk.com/labs/advisories
Third Party Advisory
https://www.applied-risk.com/resources/ar-2019-007
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-211-02
Third Party Advisory
US Government Resource
http://packetstormsecurity.com/files/155262/Prima-FlexAir-Access-Control-2.3.35-Database-Backup-Predictable-Name.html
Exploit
Third Party Advisory
VDB Entry
https://applied-risk.com/labs/advisories
Third Party Advisory
https://www.applied-risk.com/resources/ar-2019-007
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-211-02
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:primasystems:flexair:*:*:*:*:*:*:*:*

Версия до 2.3.38 (включая)

EPSS

Процентиль: 95%

0.20132

Средний

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-2j6j-xh5r-gf2p