Main Vulnerability Database Vulnerabilities #VU66683

Improper access control in Crypto Application Server (CAS) - #VU66683

Published: August 22, 2022

Vulnerability identifier: #VU66683

CSH Severity: Critical

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vendor: General Bytes

Affected software:
Crypto Application Server (CAS)

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper access restrictions to the default installation page. A remote attacker can connect to the default installation URL and create an administrative user account.

Note, the vulnerability is being active exploited in the wild.

Remediation

Install updates from vendor's website.

Sources

https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/2785509377/Security+Incident+August+18th+2022

Improper access control in Crypto Application Server (CAS) - #VU66683

Detailed vulnerability description

Remediation

Sources

Please verify you're human