- Description
- A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an administrative session is open in the browser.
- Source
- prodsec@nozominetworks.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 4.6
- Impact score
- 3.6
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- nvd@nist.gov
- NVD-CWE-Other
- prodsec@nozominetworks.com
- CWE-201
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:proges:sensor_net_connect_firmware_v2:2.24:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11A63CF8-0093-4A0A-BE55-80DD1FA882BE"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:proges:sensor_net_connect_v2:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "38E5FC75-C0FB-4192-BE05-9A581A790EAF"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]