This security bulletin contains one medium risk vulnerability.
CWE-778 - Insufficient Logging
Exploit availability: NoDescription
The vulnerability allows a remote user to create special accounts with administrative privileges.
The vulnerability exists due to the affected device allows the creation of special accounts (service users) with administrative privileges. A remote administrator can perform actions that are not visible to other users of the system, such as granting persons access to a secured area.Mitigation
Install updates from vendor's website.Vulnerable software versions
SIPORT MP: before 3.1.4
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.