CVE-2024-4425

2024-05-1415:43:42

CWE-256

[email protected]

web.nvd.nist.gov

cve-2024-4425

access control

cemipark software

plain-text credentials

unauthorized access

clear text passwords

security issue

vendor refusal

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.3%

JSON

The access control in CemiPark software stores integration (e.g. FTP or SIP) credentials in plain-text. An attacker who gained unauthorized access to the device can retrieve clear text passwords used by the system.This issue affects CemiPark software: 4.5, 4.7, 5.03 and potentially others. The vendor refused to provide the specific range of affected products.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "product": "CemiPark",
    "vendor": "CEMI Tomasz Pawełek",
    "versions": [
      {
        "status": "affected",
        "version": "4.5"
      },
      {
        "status": "affected",
        "version": "4.7"
      },
      {
        "status": "affected",
        "version": "5.03"
      }
    ]
  }
]

References

cemi.pl/

cert.pl/en/posts/2024/05/CVE-2024-4423/

cert.pl/posts/2024/05/CVE-2024-4423/