Lucene search

[email protected]NVD:CVE-2019-3906

HistoryJan 18, 2019 - 6:29 p.m.

CVE-2019-3906

2019-01-1818:29:00

CWE-798

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.002

Percentile

52.9%

JSON

Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.

Affected configurations

Nvd

Node

identicardpremisys_idMatch3.1.190

VendorProductVersionCPE
identicardpremisys_id3.1.190cpe:2.3:a:identicard:premisys_id:3.1.190:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
identicard	premisys_id	3.1.190	cpe:2.3:a:identicard:premisys_id:3.1.190:::::::*

References

www.securityfocus.com/bid/106552

www.tenable.com/security/research/tra-2019-01

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.002

Percentile

52.9%

JSON

Related for NVD:CVE-2019-3906

prion1 cvelist1 checkpoint_advisories1 cve1 ics1 threatpost1