PT-2019-7997 · Siteomat · Siteomat Bos

Published: 2019-06-03 · Updated: 2019-06-04 · CVE-2017-14728

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SiteOmat BOS versions prior to the fixed version

Description

An authentication bypass issue was discovered in the SiteOmat source code, affecting all versions prior to the submission of this exploit. The issue is exacerbated by the fact that SiteOmat does not enforce password changes for administrators, leaving SSH and HTTP remote authentication vulnerable to public access.

Recommendations

For all affected SiteOmat BOS versions, consider restricting access to SSH and HTTP remote authentication as a temporary mitigation measure until a patch is available. As a workaround, enforce password changes for administrators to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2017-14728

Affected Products

Siteomat Bos