PT-2023-27115 · N.V.K.Inter Co. · Ibsg
Published 2023-08-21 · Updated 2023-08-24 · CVE-2023-39808
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
N.V.K.INTER CO., LTD. (NVK) iBSG version 3.5
Description
The software contains a hardcoded root password, which allows attackers to log in with root privileges via the SSH service.
Recommendations
For version 3.5, consider changing the hardcoded root password to a unique and secure password to prevent unauthorized access.
As a temporary workaround, restrict access to the SSH service until a patch is available.
Avoid using default or hardcoded passwords for the root account to minimize the risk of exploitation.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Ibsg