Weak password requirements in SEPCOS Single Package - CVE-2022-1668

 

Weak password requirements in SEPCOS Single Package - CVE-2022-1668

Published: June 27, 2022


Vulnerability identifier: #VU64687
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-1668
CWE-ID: CWE-521
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Sécheron
Affected software:
SEPCOS Single Package

Detailed vulnerability description

The vulnerability allows an attacker to perform brute-force attack and guess the password.

The vulnerability exists due to weak password requirements. An attacker can obtain OS superuser privileges over the open TCP port for SSH.


How to mitigate CVE-2022-1668

Install updates from vendor's website.

Sources