The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HDormakabagroup Dormakaba Access Manager 9200 K5
HWDormakabagroupwszystkie wersjeDormakabagroup Dormakaba Access Manager 9200 K5 Firmware
OSDormakabagroupwszystkie wersjeDormakabagroup Dormakaba Access Manager 9200 K7
HWDormakabagroupwszystkie wersjeDormakabagroup Dormakaba Access Manager 9200 K7 Firmware
OSDormakabagroup< bame_06.00Dormakabagroup Dormakaba Access Manager 9230 K5
HWDormakabagroupwszystkie wersjeDormakabagroup Dormakaba Access Manager 9230 K5 Firmware
OSDormakabagroupwszystkie wersjeDormakabagroup Dormakaba Access Manager 9230 K7
HWDormakabagroupwszystkie wersjeDormakabagroup Dormakaba Access Manager 9230 K7 Firmware
OSDormakabagroup< bame_06.00Dormakabagroup Dormakaba Access Manager 9290 K5
HWDormakabagroupwszystkie wersjeDormakabagroup Dormakaba Access Manager 9290 K5 Firmware
OSDormakabagroupwszystkie wersjeDormakabagroup Dormakaba Access Manager 9290 K7
HWDormakabagroupwszystkie wersjeDormakabagroup Dormakaba Access Manager 9290 K7 Firmware
OSDormakabagroup< bame_06.00
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE