CVE-2020-15325

Name of the Vulnerable Software and Affected Versions Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1

Description The issue is related to a hardcoded Erlang cookie for ejabberd replication in Zyxel CloudCNM SecuManager. Additionally, there is a problem with unencrypted storage of credentials. This could allow a remote attacker to gain unauthorized access to protected information.

Recommendations For versions 3.1.0 and 3.1.1, consider changing the hardcoded Erlang cookie for ejabberd replication to a unique value. As a temporary workaround, restrict access to the replication functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.