PT-2022-19974 · Mobotix · Mobotix Control Center
Published
2022-05-19
·
Updated
2024-02-13
·
CVE-2022-30018
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Mobotix Control Center (MxCC) versions 2.5.4.5 and earlier
Description
The issue concerns insufficiently protected credentials, where passwords are stored in a recoverable format via the MxCC.ini config file. This enables an attacker to gain admin access to the software and access recordings or recording locations.
Recommendations
For versions 2.5.4.5 and earlier, consider modifying the credential storage method in the MxCC.ini config file to prevent recoverable password storage. As a temporary workaround, restrict access to the MxCC.ini config file to minimize the risk of exploitation.
Exploit
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mobotix Control Center