Multiple vulnerabilities in PlexTrac
Published: 2022-09-12
Risk: High
Patch available: Yes
Number of vulnerabilities: 2
CVE-ID: CVE-2022-37145, CVE-2022-37144
CWE-ID: CWE-307
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: PlexTrac (Other software / Other software solutions)
Vendor:

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper Restriction of Excessive Authentication Attempts

EUVDB-ID: #VU67172

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-37145

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the login page does not restrict the number of failed authentication attempts. A remote attacker can perform a brute-force attack against user credentials and gain access to sensitive information.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

PlexTrac: before 1.17.0

External links

http://plextrac.com
http://www.controlgap.com/blog/a-plextrac-story


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Restriction of Excessive Authentication Attempts

EUVDB-ID: #VU67173

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-37144

CWE-ID: CWE-307 - Improper Restriction of Excessive Authentication Attempts

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the multi-factor authentication (MFA) step does not restrict the number of failed time-based one-time password (TOTP) submissions. A remote attacker can perform a brute-force attack against the TOTP code and bypass multi-factor authentication.
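Both items in this bulletin are the same weakness (CWE-307) at two points of the login flow: the password check and the TOTP check. The following Python module is an added example, not PlexTrac's code, and shows the unthrottled pattern beside a per-account attempt limiter that covers both steps. The `AttemptPolicy` values, the account names and the fixed password salt are constructed for illustration; the TOTP routine follows RFC 6238 (HMAC-SHA1, 30-second step, 6 digits) and the secret used in `demo()` is the RFC test-vector key.

```python
"""Attempt limiting for a password login step and an MFA TOTP step.

Added example, not PlexTrac code. Shows the CWE-307 weakness the bulletin
describes (an unthrottled verifier accepts unlimited guesses) beside a
per-account limiter that locks the account after a bounded number of
failures. Policy values and account names are constructed for illustration.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass, field
from typing import Callable, Dict

TOTP_STEP_SECONDS = 30
TOTP_DIGITS = 6


def totp_code(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP over the 30-second time counter, HMAC-SHA1, 6 digits."""
    counter = unix_time // TOTP_STEP_SECONDS
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** TOTP_DIGITS).zfill(TOTP_DIGITS)


def unthrottled_verify_totp(secret: bytes, submitted: str, now: int) -> bool:
    """The weak form: stateless, so nothing bounds how many codes a caller may try."""
    return hmac.compare_digest(submitted, totp_code(secret, now))


@dataclass
class AttemptPolicy:
    max_failures: int = 5          # consecutive failures before lockout (assumed value)
    lockout_seconds: int = 300     # cool-down before the account accepts attempts again


@dataclass
class AttemptLimiter:
    """Per-account failure counter shared by the password step and the TOTP step."""
    policy: AttemptPolicy = field(default_factory=AttemptPolicy)
    failures: Dict[str, int] = field(default_factory=dict)
    locked_until: Dict[str, int] = field(default_factory=dict)

    def is_locked(self, account: str, now: int) -> bool:
        return now < self.locked_until.get(account, 0)

    def record_failure(self, account: str, now: int) -> None:
        count = self.failures.get(account, 0) + 1
        if count >= self.policy.max_failures:
            self.locked_until[account] = now + self.policy.lockout_seconds
            count = 0                                # counter restarts after the lockout
        self.failures[account] = count

    def record_success(self, account: str) -> None:
        self.failures.pop(account, None)


def throttled_check(limiter: AttemptLimiter, account: str,
                    check: Callable[[], bool], now: int) -> str:
    """Run `check` only while the account is not locked; returns ok/rejected/locked."""
    if limiter.is_locked(account, now):
        return "locked"                              # the check is not even evaluated
    if check():
        limiter.record_success(account)
        return "ok"
    limiter.record_failure(account, now)
    return "locked" if limiter.is_locked(account, now) else "rejected"


# Password step (bulletin item 1). Fixed salt and low iteration count keep the
# example fast; a deployment derives the salt per user and uses a slow hash.
_SALT = b"example-salt"


def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 10_000)


def verify_password(limiter: AttemptLimiter, account: str, stored: bytes,
                    password: str, now: int) -> str:
    return throttled_check(
        limiter, account, lambda: hmac.compare_digest(hash_password(password), stored), now)


# TOTP step (bulletin item 2), using the same limiter and account key.
def verify_totp(limiter: AttemptLimiter, account: str, secret: bytes,
                submitted: str, now: int) -> str:
    return throttled_check(
        limiter, account, lambda: hmac.compare_digest(submitted, totp_code(secret, now)), now)


def demo() -> list:
    """Three wrong codes, then the right one: the throttled path stays locked."""
    secret = b"12345678901234567890"                 # RFC 6238 test-vector key
    limiter = AttemptLimiter(AttemptPolicy(max_failures=3, lockout_seconds=60))
    results = [verify_totp(limiter, "alice", secret, "000000", t) for t in (59, 60, 61)]
    results.append(verify_totp(limiter, "alice", secret, totp_code(secret, 62), 62))
    results.append(unthrottled_verify_totp(secret, totp_code(secret, 62), 62))
    return results


if __name__ == "__main__":
    print(demo())   # ['rejected', 'rejected', 'locked', 'locked', True]
```

The point of the comparison is the last two entries of `demo()`: once the limiter has locked the account, even the correct code is refused until the cool-down expires, whereas the stateless verifier accepts it regardless of how many failures preceded it. Keying the counter on the account rather than the source address is what makes the control hold against distributed guessing; a production limiter would also persist the counters outside the process and log lockout events for detection.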

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

PlexTrac: before 1.17.0

External links

http://plextrac.com
http://www.controlgap.com/blog/a-plextrac-story


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.