PT-2022-7913 · Unknown · Sicunet Access Controller

Andrew Griffiths

Published

2022-06-11

Updated

2022-06-17

CVE-2017-20040

CVSS v3.1

5.9

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions SICUNET Access Controller version 0.32-05z

Description A vulnerability was found in the Password Storage component, leading to weak encryption. The manipulation requires a local attack.

Recommendations For SICUNET Access Controller version 0.32-05z, consider updating the password storage mechanism to use stronger encryption algorithms to mitigate the risk of weak encryption. As a temporary workaround, restrict local access to minimize the risk of exploitation.

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2017-20040

Affected Products

Sicunet Access Controller

PT-2022-7913 · Unknown · Sicunet Access Controller

CVE-2017-20040

Weakness Enumeration

Related Identifiers

Affected Products

References · 5