Vulnerability Description
Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login information, which can allow the attacker to bypass authentication and have full access to the system.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Primasystems | Flexair | <= 2.3.38 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/155262/Prima-FlexAir-Access-Control-2.3.35-ExploitThird Party AdvisoryVDB Entry
- https://applied-risk.com/labs/advisoriesThird Party Advisory
- https://www.applied-risk.com/resources/ar-2019-007Third Party Advisory
- https://www.us-cert.gov/ics/advisories/icsa-19-211-02Third Party AdvisoryUS Government Resource
- http://packetstormsecurity.com/files/155262/Prima-FlexAir-Access-Control-2.3.35-ExploitThird Party AdvisoryVDB Entry
- https://applied-risk.com/labs/advisoriesThird Party Advisory
- https://www.applied-risk.com/resources/ar-2019-007Third Party Advisory
- https://www.us-cert.gov/ics/advisories/icsa-19-211-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2019-7667?
CVE-2019-7667 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name...
How severe is CVE-2019-7667?
CVE-2019-7667 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-7667?
Check the references section above for vendor advisories and patch information. Affected products include: Primasystems Flexair.