Weak password requirements in SEPCOS Single Package - CVE-2022-1668
Published: June 27, 2022
Vulnerability identifier: #VU64687
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-1668
CWE-ID: CWE-521
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Sécheron
Affected software:
SEPCOS Single Package
SEPCOS Single Package
Detailed vulnerability description
The vulnerability allows an attacker to perform brute-force attack and guess the password.
The vulnerability exists due to weak password requirements. An attacker can obtain OS superuser privileges over the open TCP port for SSH.
How to mitigate CVE-2022-1668
Install updates from vendor's website.