CVE-2019-7666

Published: Jul 1, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password.

Affected (1)

Products: Primasystems: Flexair

Primasystems

1 product

Flexair

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Primasystems Flexair	Up to 2.3.38

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (8)

http://packetstormsecurity.com/files/155262/Prima-FlexAir-Access-Control-2.3.35-Database-Backup-Predictable-Name.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://applied-risk.com/labs/advisories

Source: cve@mitre.org

Third Party Advisory

https://www.applied-risk.com/resources/ar-2019-007

Source: cve@mitre.org

Third Party Advisory

https://www.us-cert.gov/ics/advisories/icsa-19-211-02

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://packetstormsecurity.com/files/155262/Prima-FlexAir-Access-Control-2.3.35-Database-Backup-Predictable-Name.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://applied-risk.com/labs/advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.applied-risk.com/resources/ar-2019-007

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.us-cert.gov/ics/advisories/icsa-19-211-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.