Total: 1166 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-9289 | 1 Fortinet | 1 Fortimanager | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key. | |||||
CVE-2020-11543 | 1 Opsramp | 1 Gateway | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the password 9vt@f3Vt that allows root SSH access to the server. This issue has been resolved in OpsRamp Gateway firmware version 7.0.0, where an administrator account and a system user account are the only available user accounts for the gateway appliance. | |||||
CVE-2019-5622 | 1 Accellion | 1 File Transfer Appliance | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials. | |||||
CVE-2019-13559 | 1 Ge | 1 Mark Vie Controll System | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. A limited application of the affected product may ship without setup and configuration instructions immediately available to the end user. The bulk of controllers go into applications requiring the GE commissioning engineer to change default configurations during the installation process. GE recommends that users reset controller passwords during installation in the operating environment. | |||||
CVE-2020-15317 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree. | |||||
CVE-2020-8868 | 1 Quest | 1 Foglight Evolve | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the __service__ user account. The product contains a hard-coded password for this account. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-9553. | |||||
CVE-2020-7498 | 1 Schneider-electric | 2 Os Loader, Unity Loader | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software (all versions). The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file transfer service provided by the Modicon PLCs. This could result in various unintended results. | |||||
CVE-2020-6990 | 1 Rockwellautomation | 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior: the cryptographic key utilized to help protect the account password is hard coded into the RSLogix 500 binary file. An attacker could identify cryptographic keys and use them for further cryptographic attacks that could ultimately lead to a remote attacker gaining unauthorized access to the controller. | |||||
CVE-2020-6985 | 1 Moxa | 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console. | |||||
CVE-2020-4459 | 1 Ibm | 1 Security Secret Server | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 181395. | |||||
CVE-2020-1615 | 1 Juniper | 2 Junos, Vmx | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
The factory configuration for vMX installations, as shipped, includes default credentials for the root account. Without proper modification of these default credentials by the administrator, an attacker could exploit these credentials and access the vMX instance without authorization. This issue affects Juniper Networks Junos OS: 17.1 versions prior to 17.1R2-S11, 17.1R3-S2 on vMX; 17.2 versions prior to 17.2R3-S3 on vMX; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7 on vMX; 17.4 versions prior to 17.4R2-S9, 17.4R3 on vMX; 18.1 versions prior to 18.1R3-S9 on vMX; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3 on vMX; 18.2X75 versions prior to 18.2X75-D420, 18.2X75-D60 on vMX; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1 on vMX; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3 on vMX; 19.1 versions prior to 19.1R1-S4, 19.1R2, 19.1R3 on vMX; 19.2 versions prior to 19.2R1-S3, 19.2R2 on vMX; 19.3 versions prior to 19.3R1-S1, 19.3R2 on vMX. | |||||
CVE-2020-4177 | 1 Ibm | 1 Security Guardium | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
IBM Security Guardium 11.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174732. | |||||
CVE-2020-10996 | 1 Percona | 1 Xtradb Cluster | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected. | |||||
CVE-2020-13414 | 1 Aviatrix | 2 Controller, Gateway | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. | |||||
CVE-2020-13793 | 1 Ivanti | 1 Dsm Netinst | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key. | |||||
CVE-2019-16150 | 1 Fortinet | 1 Forticlient | 2024-02-04 | 5.0 MEDIUM | 5.5 MEDIUM |
Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key. | |||||
CVE-2019-4675 | 1 Ibm | 1 Security Identity Manager | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 171511. | |||||
CVE-2020-6857 | 1 Taskautomation | 1 Carbonftp | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary. | |||||
CVE-2019-5158 | 1 Wago | 1 E!cockpit | 2024-02-04 | 4.3 MEDIUM | 7.8 HIGH |
An exploitable firmware downgrade vulnerability exists in the firmware update package functionality of the WAGO e!COCKPIT automation software v1.6.1.5. A specially crafted firmware update file can allow an attacker to install an older firmware version while the user thinks a newer firmware version is being installed. An attacker can create a custom firmware update package with invalid metadata in order to trigger this vulnerability. | |||||
CVE-2019-16153 | 1 Fortinet | 1 Fortisiem | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials. |