CVE-2020-25565

Name of the Vulnerable Software and Affected Versions: SapphireIMS version 5.0

Description: The issue allows an attacker to use hardcoded credentials in clients, with the username: sapphire and password: ims, to gain access to the portal. Once access is obtained, the attacker can inject malicious OS commands on functions such as "ping", "traceroute", and "snmp" and execute code on the server.

Recommendations: For SapphireIMS version 5.0, consider changing the hardcoded credentials to unique and secure credentials to prevent unauthorized access. As a temporary workaround, restrict access to the "ping", "traceroute", and "snmp" functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.