PT-2020-7784 · Unknown · Netsweeper

Published: 2020-02-19 · Updated: 2020-02-20 · CVE-2014-9614

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Netsweeper versions prior to 4.0.5
Description: The issue concerns a default password set for the branding account in the Web Panel, making it easier for remote attackers to gain access. This can be achieved by sending a request to the "webadmin/" endpoint.
Recommendations: For versions prior to 4.0.5, change the default password of the branding account to prevent unauthorized access. As a temporary workaround, consider restricting access to the "webadmin/" endpoint until the default password is changed.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2014-9614

Affected Products

Netsweeper