PT-2020-20438 · Iteris · Iteris Vantage Velocity Field Unit

Published 2020-02-17 · Updated 2021-07-21 · CVE-2020-9023

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Iteris Vantage Velocity Field Unit versions 2.3.1 through 2.4.2

Description

The Iteris Vantage Velocity Field Unit ships with undocumented user accounts that have weak passwords. There are two such users: bluetooth with password bluetooth, and eclipse with password eclipse. The password bluetooth is also used as the root password.

Recommendations

For versions 2.3.1 and 2.4.2, change the passwords of the bluetooth and eclipse users to strong, unique passwords. For versions 2.3.1 and 2.4.2, update the root password to a strong, unique password that is not the same as any user password. Consider disabling or restricting access to the bluetooth and eclipse users until the issue is fully resolved.

Related Identifiers

CVE-2020-9023

Affected Products

Iteris Vantage Velocity Field Unit