Vulnerability CVE-2019-13352


Published: 2019-07-05

Description:
WolfVision Cynap before 1.30j uses a static, hard-coded cryptographic secret for generating support PINs for the 'forgot password' feature. By knowing this static secret and the corresponding algorithm for calculating support PINs, an attacker can reset the ADMIN password and thus gain remote access.

Type: CWE-798

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software:
WolfVision -> Cynap

 References:
http://packetstormsecurity.com/files/153530/WolfVision-Cynap-1.18g-1.28j-Hardcoded-Credential.html
http://seclists.org/fulldisclosure/2019/Jul/9
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-021.txt

Copyright 2024, cxsecurity.com

 
