PT-2023-5879 · Qognify · Qognify Nicevision

Roni Gavrilov · Published 2023-10-05 · Updated 2023-10-10 · CVE-2023-2306

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Qognify NiceVision versions 3.1 and prior

Description

The issue is related to the use of hard-coded credentials, which can be exploited by an attacker to retrieve sensitive information about cameras and users, as well as modify database records. Successful exploitation could allow an attacker to obtain information about the cameras managed by the platform and its users.

Recommendations

For Qognify NiceVision versions 3.1 and prior, consider changing the hard-coded credentials to unique, secure credentials to prevent unauthorized access. As a temporary workaround, restrict access to the system to minimize the risk of exploitation. Update to a version that does not use hard-coded credentials, if available.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2023-06572
CVE-2023-2306

Affected Products

Qognify Nicevision