Main Vulnerability Database Vulnerabilities #VU64687

#VU64687 Weak password requirements in SEPCOS Single Package - CVE-2022-1668

Published: June 27, 2022

Vulnerability identifier: #VU64687

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2022-1668

CWE-ID: CWE-521

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
SEPCOS Single Package

Software vendor:
Sécheron

Description

The vulnerability allows an attacker to perform brute-force attack and guess the password.

The vulnerability exists due to weak password requirements. An attacker can obtain OS superuser privileges over the open TCP port for SSH.

Install updates from vendor's website.