A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services.
Existe una vulnerabilidad de reutilización de usuario/contraseña en la administración de aplicaciones y servidores de FOXMAN-UN/UNEM. Si se explota, un usuario malintencionado podría utilizar las contraseñas y la información de inicio de sesión para ampliar el acceso al servidor y a otros servicios.
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | HIGH |
| Privileges Required | HIGH |
| User Interaction | NONE |
| Scope | CHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-286
|
| [email protected] | Primary |
en
NVD-CWE-noinfo
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| hitachienergy | foxman-un | r15a | <built-in method update of dict object at 0x72a9cc5e7d40> | Application |
| hitachienergy | foxman-un | r15b | <built-in method update of dict object at 0x72a9ccf28140> | Application |
| hitachienergy | foxman-un | r16a | <built-in method update of dict object at 0x72a9994ab240> | Application |
| hitachienergy | foxman-un | r16b | <built-in method update of dict object at 0x72a9e41869c0> | Application |
| hitachienergy | unem | r15a | <built-in method update of dict object at 0x72a9cc5e7a80> | Application |
| hitachienergy | unem | r15b | <built-in method update of dict object at 0x72a9b0b123c0> | Application |
| hitachienergy | unem | r16a | <built-in method update of dict object at 0x72a9994abd80> | Application |
| hitachienergy | unem | r16b | <built-in method update of dict object at 0x72a9b0d22940> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:hitachienergy:foxman-un:r15a:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:hitachienergy:foxman-un:r15b:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:hitachienergy:foxman-un:r16a:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:hitachienergy:foxman-un:r16b:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:hitachienergy:unem:r15a:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:hitachienergy:unem:r15b:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:hitachienergy:unem:r16a:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:hitachienergy:unem:r16b:*:*:*:*:*:*:* |