ГлавнаяУязвимости → CVE-2019-25241
9.8критическая

CVE-2019-25241

Описание

FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication.

Затрагиваемое ПО
Iwt Facesentry access control system firmwareIwt Facesentry access control system
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
http://www.iwt.com.hkhttps://www.exploit-db.com/exploits/47067https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5526.phphttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5526.php