PT-2020-5979 · Unity · Unity Loader

Published: 2020-06-16 · Updated: 2022-01-31 · CVE-2020-7498

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Unity Loader and OS Loader Software (all versions)

Description

A Use of Hard-coded Credentials issue exists in the software, where fixed credentials are used to simplify file transfer. This could allow unauthorized access to the file transfer service, potentially resulting in unintended changes to configuration files. The vulnerability could be exploited remotely, allowing an attacker to modify the contents of configuration files using the built-in FTP server passwords.

Recommendations

For all versions, consider disabling the use of fixed credentials for file transfer until a patch is available. Restrict access to the FTP server to minimize the risk of exploitation. Avoid using the built-in FTP server passwords in the affected software until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2021-02216
CVE-2020-7498

Affected Products

Unity Loader