PT-2020-14867 · Rangee · Rangeeos
Published: 2020-08-20 · Updated: 2020-08-26 · CVE-2020-16280
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
RangeeOS version 8.0.4
Description
Certain modules store credentials in plaintext. This includes credentials for external-facing administrative services, domain-joined users, and local administrators. A local attacker with access to the underlying operating system can exploit this issue.
Recommendations
For RangeeOS version 8.0.4, consider restricting access to the underlying operating system to minimize the risk of exploitation. As a temporary workaround, limit the use of external-facing administrative services and ensure that all local administrators and domain-joined users use strong, unique passwords.
Fix
Insufficiently Protected Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Rangeeos