← volver
CVE-2024-4425

Storing credentials in plaintext in CemiPark

CVSS 5.4 MEDIUMEPSS 0.4%CWE-256
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.4EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
09 may 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The access control in CemiPark software stores integration (e.g. FTP or SIP) credentials in plain-text. An attacker who gained unauthorized access to the device can retrieve clear text passwords used by the system.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Productos afectados
CEMI Tomasz Pawełek · CemiPark

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://cemi.pl/https://cert.pl/en/posts/2024/05/CVE-2024-4423/https://cert.pl/posts/2024/05/CVE-2024-4423/