Main Vulnerability Database Exploits ID:5847 - Exploit for Information disclosure in Enterprise Building Management System and Proton Building Management System - CVE-2019-7272

ID:5847 - Exploit for Information disclosure in Enterprise Building Management System and Proton Building Management System - CVE-2019-7272

Published: June 17, 2021

Vulnerability identifier: #VU18835

Vulnerability risk: Medium

CVE-ID: CVE-2019-7272

CWE-ID: CWE-200

Exploitation vector: Remote access

Vulnerable software:
Enterprise Building Management System
Proton Building Management System

Link to public exploit:

https://www.exploit-db.com/exploits/47640/

Vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to username disclosure via its username reset functionality. A remote attacker can enumerate and disclose all the valid users on the system.

Furthermore, when calling a certain page from a remote location, the following internal information can be divulged for the current system: Name, Internal IP Address, Netmask, Hostname, Gateway, DNS Server, and DNS Server 2.

Remediation

Install updates from vendor's website.

ID:5847 - Exploit for Information disclosure in Enterprise Building Management System and Proton Building Management System - CVE-2019-7272

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human