Use of hard-coded credentials in CBAS Web - CVE-2019-10851

 


Published: May 31, 2019


Vulnerability identifier: #VU18651
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-10851
CWE-ID: CWE-798
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Computrols
Affected software: CBAS Web

Detailed vulnerability description

The vulnerability allows a remote attacker to gain full access to a vulnerable system.

The vulnerability exists because several scripts contain a hard-coded encryption key used to decrypt database backup files. A remote authenticated attacker can gain access to the full database of the device and discover sensitive information.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


How to mitigate CVE-2019-10851

Install updates from the vendor's website.
