Vulnerability Details : CVE-2019-3906
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
Products affected by CVE-2019-3906
- cpe:2.3:a:identicard:premisys_id:3.1.190:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-3906
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 49 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-3906
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0
|
HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C |
8.0
|
10.0
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2019-3906
-
The product contains hard-coded credentials, such as a password or cryptographic key.Assigned by:
- nvd@nist.gov (Primary)
- vulnreport@tenable.com (Secondary)
References for CVE-2019-3906
-
https://www.tenable.com/security/research/tra-2019-01
[R3] Multiple Premisys Identicard Vulnerabilities - Research Advisory | TenableĀ®Third Party Advisory
-
http://www.securityfocus.com/bid/106552
Identicard Premisys Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
Jump to