Search
Total
273 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14474 | 1 Cellebrite | 2 Ufed, Ufed Firmware | 2020-07-10 | 5.0 MEDIUM | 7.5 HIGH |
| The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of the software, and does not appear to be changed with each new build. It is possible to reconstruct the decryption process using the hardcoded key material and obtain easy access to otherwise protected data. | |||||
| CVE-2020-3234 | 1 Cisco | 5 1120, 1240, 809 and 2 more | 2020-06-10 | 7.2 HIGH | 8.8 HIGH |
| A vulnerability in the virtual console authentication of Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an authenticated but low-privileged, local attacker to log in to the Virtual Device Server (VDS) of an affected device by using a set of default credentials. The vulnerability is due to the presence of weak, hard-coded credentials. An attacker could exploit this vulnerability by authenticating to the targeted device and then connecting to VDS through the device’s virtual console by using the static credentials. A successful exploit could allow the attacker to access the Linux shell of VDS as the root user. | |||||
| CVE-2020-1764 | 2 Kiali, Redhat | 2 Kiali, Openshift Service Mesh | 2020-05-28 | 7.5 HIGH | 8.6 HIGH |
| A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration. | |||||
| CVE-2020-11549 | 1 Netgear | 6 Rbs50y, Rbs50y Firmware, Srr60 and 3 more | 2020-05-20 | 8.3 HIGH | 8.8 HIGH |
| An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The root account has the same password as the Web-admin component. Thus, by exploiting CVE-2020-11551, it is possible to achieve remote code execution with root privileges on the embedded Linux system. | |||||
| CVE-2019-4327 | 1 Hcltech | 1 Appscan | 2020-04-29 | 5.0 MEDIUM | 7.5 HIGH |
| "HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files." | |||||
| CVE-2019-20656 | 1 Netgear | 30 D6200, D6200 Firmware, D7000 and 27 more | 2020-04-22 | 3.3 LOW | 8.8 HIGH |
| Certain NETGEAR devices are affected by a hardcoded password. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.24, JR6150 before 1.0.1.24, R6120 before 1.0.0.48, R6220 before 1.1.0.86, R6230 before 1.1.0.86, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, and WNR2020 before 1.1.0.62. | |||||
| CVE-2020-10884 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2020-04-15 | 5.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on UDP port 20002 by default. This issue results from the use of hard-coded encryption key. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9652. | |||||
| CVE-2019-13559 | 1 Ge | 1 Mark Vie Controll System | 2020-04-08 | 7.2 HIGH | 7.8 HIGH |
| GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. A limited application of the affected product may ship without setup and configuration instructions immediately available to the end user. The bulk of controllers go into applications requiring the GE commissioning engineer to change default configurations during the installation process. GE recommends that users reset controller passwords during installation in the operating environment. | |||||
| CVE-2020-6983 | 1 Moxa | 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more | 2020-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, the affected products use a hard-coded cryptographic key, which increases the possibility that confidential data can be recovered. | |||||
| CVE-2020-6979 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2020-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a hard-coded cryptographic key, increasing the possibility that confidential data can be recovered. | |||||
| CVE-2019-14309 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2020-03-18 | 5.0 MEDIUM | 7.5 HIGH |
| Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored on the shared FTP folders. | |||||
| CVE-2019-5158 | 1 Wago | 1 E\!cockpit | 2020-03-17 | 4.3 MEDIUM | 7.8 HIGH |
| An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability. | |||||
| CVE-2020-9435 | 1 Phoenixcontact | 12 Tc Cloud Client 1002-4g, Tc Cloud Client 1002-4g Firmware, Tc Cloud Client 1002-txtx and 9 more | 2020-03-16 | 5.0 MEDIUM | 7.5 HIGH |
| PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G through 2.05.3, TC ROUTER 3002T-4G VZW through 2.05.3, TC ROUTER 3002T-4G ATT through 2.05.3, TC CLOUD CLIENT 1002-4G through 2.03.17, and TC CLOUD CLIENT 1002-TXTX through 1.03.17 devices contain a hardcoded certificate (and key) that is used by default for web-based services on the device. Impersonation, man-in-the-middle, or passive decryption attacks are possible if the generic certificate is not replaced by a device-specific certificate during installation. | |||||
| CVE-2020-3165 | 1 Cisco | 65 Nexus 3016, Nexus 3048, Nexus 3064 and 62 more | 2020-03-04 | 4.3 MEDIUM | 8.2 HIGH |
| A vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authentication in Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection with the device. The vulnerability occurs because the BGP MD5 authentication is bypassed if the peer does not have MD5 authentication configured, the NX-OS device does have BGP MD5 authentication configured, and the NX-OS BGP virtual routing and forwarding (VRF) name is configured to be greater than 19 characters. An attacker could exploit this vulnerability by attempting to establish a BGP session with the NX-OS peer. A successful exploit could allow the attacker to establish a BGP session with the NX-OS device without MD5 authentication. The Cisco implementation of the BGP protocol accepts incoming BGP traffic only from explicitly configured peers. To exploit this vulnerability, an attacker must send the malicious packets over a TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the affected system’s trusted network. | |||||
| CVE-2020-4283 | 1 Ibm | 1 Security Information Queue | 2020-03-03 | 5.0 MEDIUM | 8.6 HIGH |
| IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 176206. | |||||
| CVE-2013-6277 | 1 Qnap | 2 Viocard 300, Viocard 300 Firmware | 2020-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| QNAP VioCard 300 has hardcoded RSA private keys. | |||||
| CVE-2019-15017 | 1 Zingbox | 1 Inspector | 2020-02-17 | 7.2 HIGH | 8.4 HIGH |
| The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials. | |||||
| CVE-2019-15015 | 1 Zingbox | 1 Inspector | 2020-02-17 | 7.2 HIGH | 8.4 HIGH |
| In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system. | |||||
| CVE-2012-4381 | 1 Mediawiki | 1 Mediawiki | 2020-02-12 | 9.3 HIGH | 8.1 HIGH |
| MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors. | |||||
| CVE-2019-7212 | 1 Smartertools | 1 Smartermail | 2020-02-10 | 6.4 MEDIUM | 8.2 HIGH |
| SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mailing lists. | |||||
| CVE-2013-1352 | 1 Veraxsystems | 1 Network Management System | 2020-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive. | |||||
| CVE-2019-15977 | 1 Cisco | 1 Data Center Network Manager | 2020-02-06 | 7.8 HIGH | 7.5 HIGH |
| Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-5222 | 1 Apereo | 1 Opencast | 2020-02-05 | 6.5 MEDIUM | 8.8 HIGH |
| Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. This means that an attacker getting access to a remember-me token for one server can get access to all servers which allow log-in using the same credentials without ever needing the credentials. This problem is fixed in Opencast 7.6 and Opencast 8.1 | |||||
| CVE-2013-2567 | 1 Zavio | 4 F3105, F3105 Firmware, F312a and 1 more | 2020-02-01 | 5.0 MEDIUM | 7.5 HIGH |
| An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information. | |||||
| CVE-2013-2572 | 1 Tp-link | 8 Tl-sc 3130, Tl-sc 3130 Firmware, Tl-sc 3130g and 5 more | 2020-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files. | |||||
| CVE-2019-10995 | 1 Abb | 16 Cp651, Cp651-web, Cp651-web Firmware and 13 more | 2020-01-24 | 5.8 MEDIUM | 8.8 HIGH |
| ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. | |||||
| CVE-2019-14919 | 1 Billion | 2 Sg600 R2, Sg600 R2 Firmware | 2020-01-21 | 7.2 HIGH | 7.8 HIGH |
| An exposed Telnet Service on the Billion Smart Energy Router SG600R2 with firmware v3.02.rc6 allows a local network attacker to authenticate via hardcoded credentials into a shell, gaining root execution privileges over the device. | |||||
| CVE-2013-3619 | 2 Citrix, Supermicro | 10 Netscaler, Netscaler Firmware, Netscaler Sd-wan and 7 more | 2020-01-15 | 4.3 MEDIUM | 8.1 HIGH |
| Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon. | |||||
| CVE-2019-19017 | 1 Titanhq | 1 Webtitan | 2019-12-09 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered in TitanHQ WebTitan before 5.18. The appliance has a hard-coded root password set during installation. An attacker could utilize this to gain root privileges on the system. | |||||
| CVE-2019-13543 | 1 Medtronic | 5 Valleylab Exchange Client, Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware and 2 more | 2019-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. | |||||
| CVE-2019-16207 | 1 Broadcom | 1 Brocade Sannav | 2019-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| Brocade SANnav versions before v2.0 use a hard-coded password, which could allow local authenticated attackers to access a back-end database and gain privileges. | |||||
| CVE-2018-18929 | 1 Trms | 2 Seneca Hdn, Seneca Hdn Firmware | 2019-11-05 | 4.0 MEDIUM | 8.8 HIGH |
| The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unattend.xml" file left over on the C: drive from the Sysprep process. An attacker with this username and password can leverage it to gain administrator-level access on the system. | |||||
| CVE-2019-13657 | 1 Broadcom | 2 Ca Performance Management, Network Operations | 2019-10-24 | 6.5 MEDIUM | 8.8 HIGH |
| CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security. | |||||
| CVE-2019-6548 | 1 Ge | 1 Ge Communicator | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user. | |||||
| CVE-2019-7225 | 1 Abb | 32 Cp620, Cp620-web, Cp620-web Firmware and 29 more | 2019-10-09 | 5.8 MEDIUM | 8.8 HIGH |
| The ABB HMI components implement hidden administrative accounts that are used during the provisioning phase of the HMI interface. These credentials allow the provisioning tool "Panel Builder 600" to flash a new interface and Tags (MODBUS coils) mapping to the HMI. These credentials are the idal123 password for the IdalMaster account, and the exor password for the exor account. These credentials are used over both HTTP(S) and FTP. There is no option to disable or change these undocumented credentials. An attacker can use these credentials to login to ABB HMI to read/write HMI configuration files and also to reset the device. This affects ABB CP635 HMI, CP600 HMIClient, Panel Builder 600, IDAL FTP server, IDAL HTTP server, and multiple other HMI components. | |||||
| CVE-2019-3938 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2019-10-09 | 2.1 LOW | 7.8 HIGH |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 stores usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any configuration file since all the encryption logic is hard coded. A local attacker can use this vulnerability to gain access to devices username and passwords. | |||||
| CVE-2019-3906 | 1 Identicard | 1 Premisys Id | 2019-10-09 | 9.0 HIGH | 8.8 HIGH |
| Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents. | |||||
| CVE-2019-3908 | 1 Identicard | 1 Premisys Id | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data. | |||||
| CVE-2019-1919 | 1 Cisco | 2 Findit Network Manager, Findit Network Probe | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the Cisco FindIT Network Management Software virtual machine (VM) images could allow an unauthenticated, local attacker who has access to the VM console to log in to the device with a static account that has root privileges. The vulnerability is due to the presence of an account with static credentials in the underlying Linux operating system. An attacker could exploit this vulnerability by logging in to the command line of the affected VM with the static account. A successful exploit could allow the attacker to log in with root-level privileges. This vulnerability affects only Cisco FindIT Network Manager and Cisco FindIT Network Probe Release 1.1.4 if these products are using Cisco-supplied VM images. No other releases or deployment models are known to be vulnerable. | |||||
| CVE-2019-1688 | 1 Cisco | 1 Network Assurance Engine | 2019-10-09 | 5.6 MEDIUM | 7.1 HIGH |
| A vulnerability in the management web interface of Cisco Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. The vulnerability is due to a fault in the password management system of NAE. An attacker could exploit this vulnerability by authenticating with the default administrator password via the CLI of an affected server. A successful exploit could allow the attacker to view potentially sensitive information or bring the server down, causing a DoS condition. This vulnerability affects Cisco Network Assurance Engine (NAE) Release 3.0(1). The default password condition only affects new installations of Release 3.0(1). | |||||
| CVE-2019-1675 | 1 Cisco | 2 Aironet Active Sensor, Digital Network Architecture Center | 2019-10-09 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the default configuration of the Cisco Aironet Active Sensor could allow an unauthenticated, remote attacker to restart the sensor. The vulnerability is due to a default local account with a static password. The account has privileges only to reboot the device. An attacker could exploit this vulnerability by guessing the account name and password to access the CLI. A successful exploit could allow the attacker to reboot the device repeatedly, creating a denial of service (DoS) condition. It is not possible to change the configuration or view sensitive data with this account. Versions prior to DNAC1.2.8 are affected. | |||||
| CVE-2019-13530 | 1 Philips | 19 865240, 865241, 865242 and 16 more | 2019-10-09 | 6.5 MEDIUM | 7.2 HIGH |
| Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). An attacker can use these credentials to login via ftp and upload a malicious firmware. | |||||
| CVE-2018-8857 | 1 Philips | 8 Brilliance Ct Big Bore, Brilliance Ct Big Bore Firmware, Brilliance 64 and 5 more | 2019-10-09 | 7.2 HIGH | 7.8 HIGH |
| Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) contains fixed credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. An attacker could compromise these credentials and gain access to the system. | |||||
| CVE-2018-5560 | 1 Guardzilla | 2 Gz521w, Gz521w Firmware | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device. | |||||
| CVE-2018-1887 | 1 Ibm | 1 Security Access Manager | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 152078. | |||||
| CVE-2018-17896 | 1 Yokogawa | 8 Fcj, Fcj Firmware, Fcn-100 and 5 more | 2019-10-09 | 9.3 HIGH | 8.1 HIGH |
| Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work. | |||||
| CVE-2018-17492 | 1 Hidglobal | 1 Easylobby Solo | 2019-10-09 | 2.1 LOW | 7.8 HIGH |
| EasyLobby Solo contains default administrative credentials. An attacker could exploit this vulnerability to gain full access to the application. | |||||
| CVE-2018-15781 | 1 Dell | 1 Wyse Thinlinux | 2019-10-09 | 7.9 HIGH | 8.0 HIGH |
| The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decrypt locally stored cipher text. | |||||
| CVE-2018-0141 | 1 Cisco | 3 Prime Collaboration, Prime Collaboration Assurance, Prime Collaboration Provisioning | 2019-10-09 | 7.2 HIGH | 8.4 HIGH |
| A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials. A successful exploit could allow the attacker to access the underlying operating system as a low-privileged user. After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device. Cisco Bug IDs: CSCvc82982. | |||||
| CVE-2017-7537 | 2 Dogtagpki, Redhat | 4 Dogtagpki, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates. | |||||