PT-2022-17915 · Hills · Hills Comnav

Jacob Thompson · Published 2022-04-20 · Updated 2022-04-29 · CVE-2022-26519

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Hills ComNav Version 3002-19

Description

The issue allows local attackers to brute-force credentials due to the lack of a limit on the number of attempts to authenticate for the local configuration pages of the Hills ComNav interface.

Recommendations

For Hills ComNav Version 3002-19, consider implementing a limit on the number of authentication attempts or temporarily restricting access to the local configuration pages to minimize the risk of exploitation.

Fix

Improper Restriction of Excessive Authentication Attempts

Weakness Enumeration

Related Identifiers

CVE-2022-26519

Affected Products

Hills Comnav