PT-2019-18695 · Prima Systems · Flexair
Published
2019-06-05
·
Updated
2022-10-14
·
CVE-2019-7672
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Prima Systems FlexAir versions 2.3.38 and prior
Description
The issue concerns a hard-coded
username and password in the flash version of the web interface. This may allow an authenticated attacker to escalate privileges.Recommendations
For versions 2.3.38 and prior, consider changing the hard-coded
username and password to unique, secure credentials to prevent privilege escalation. As a temporary workaround, restrict access to the web interface until a more permanent solution is implemented.Exploit
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Flexair