Overview
- Description
- A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.
- Source
- prodsec@nozominetworks.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.6
- Impact score
- 3.6
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
- prodsec@nozominetworks.com
- CWE-201
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:proges:sensor_net_connect_firmware_v2:2.24:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11A63CF8-0093-4A0A-BE55-80DD1FA882BE"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:proges:sensor_net_connect_v2:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "38E5FC75-C0FB-4192-BE05-9A581A790EAF"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]