9.8

CVE-2020-11720

EPSS 0.66%
Veröffentlicht 23.12.2020 16:15:12
Zuletzt bearbeitet 21.11.2024 04:58:28
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. During the installation, it sets up administrative access by default with the account admin and password 0000. After the installation, users/admins are not prompted to change this password.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bilanc ≫ Bilanc Version <= 014_31.01.2020

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.66%	0.686

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

http://packetstormsecurity.com/files/160623/Programi-Bilanc-Build-007-Release-014-31.01.2020-Weak-Default-Password.html

Third Party Advisory

VDB Entry

http://seclists.org/fulldisclosure/2020/Dec/34

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2020-11720

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11720

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11720

EUVD