PT-2022-17372 · Bettini Srl · Bettini Srl Gams Product Line

Published

2022-04-04

Updated

2022-04-15

CVE-2022-25569

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Bettini Srl GAMS Product Line version 4.3.0

Description The issue allows unauthenticated attackers to login as root users via extracting a key from the software, due to the re-use of static SSH keys across installations.

Recommendations For Bettini Srl GAMS Product Line version 4.3.0, consider regenerating unique SSH keys for each installation to prevent unauthorized access. As a temporary workaround, restrict root user login via SSH to minimize the risk of exploitation.

Exploit

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2022-25569

Affected Products

Bettini Srl Gams Product Line

PT-2022-17372 · Bettini Srl · Bettini Srl Gams Product Line

CVE-2022-25569

Weakness Enumeration

Related Identifiers

Affected Products

References · 4