Main Vulnerability Database Vulnerabilities #VU16996

#VU16996 Use of hardcoded credentials in PremiSys - CVE-2019-3906

Published: January 15, 2019

Vulnerability identifier: #VU16996

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-3906

CWE-ID: CWE-798

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
PremiSys

Software vendor:
IDenticard

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to use of hard-coded credentials. A remote attacker can access the entire service via the PremiSys Windows Communication Foundation (WCF) Service endpoint to dump contents of the badge system database, modify contents, or other various tasks with unfettered access.

Remediation

Cybersecurity Help is currently unaware of any official solution to address the vulnerability.

External links

https://www.tenable.com/blog/multiple-zero-days-in-premisys-identicard-access-control-system

#VU16996 Use of hardcoded credentials in PremiSys - CVE-2019-3906

Description

Remediation

External links

Please verify you're human