Main Vulnerability Database SB2022082211

SB2022082211 - Improper access control in General Bytes Crypto Application Server (CAS)

Published: August 22, 2022

Security Bulletin ID SB2022082211

Severity

Critical

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: N/A)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper access restrictions to the default installation page. A remote attacker can connect to the default installation URL and create an administrative user account.

Note, the vulnerability is being active exploited in the wild.

Remediation

Install update from vendor's website.

References

https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/2785509377/Security+Incident+August+18th+2022