Lucene search

[email protected]CVE-2014-9576

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2014-9576

2022-10-0316:20:39

CWE-200

[email protected]

web.nvd.nist.gov

vdg security sense

cve-2014-9576

hardcoded passwords

remote access

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.9%

JSON

VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote attackers to obtain access.

Affected configurations

NVD

Node

vdgsecurityvdg_senseMatch2.3.13

CPENameOperatorVersion
vdgsecurity:vdg_sensevdgsecurity vdg senseeq2.3.13

CPE	Name	Operator	Version
vdgsecurity:vdg_sense	vdgsecurity vdg sense	eq	2.3.13

References

packetstormsecurity.com/files/129656/VDG-Security-SENSE-2.3.13-File-Disclosure-Bypass-Buffer-Overflow.html

seclists.org/fulldisclosure/2014/Dec/76

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141218-0_VDG_Security_SENSE_Multiple_critical_vulnerabilities_v10.txt

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.9%

JSON

Related for CVE-2014-9576

nvd1 prion1 cvelist1