Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component.
The vulnerability results from the use of a default password (weak/default password) in the CMSV6 system component. A remote attacker, without possessing any privileges, can exploit this default password to authenticate in the system and obtain elevated privileges. CWE-1393 classification indicates the use of default, weak credentials that were not changed by the manufacturer or administrator.
An attacker can perform full privilege escalation in the system, gaining access to confidential data and the ability to modify or destroy data on the vehicle monitoring platform. In case of a successful attack, violation of system confidentiality, integrity, and availability is possible.
The default password in the CMSV6 system component must be changed immediately and patches available from the manufacturer should be applied according to references. It is also recommended to restrict network access to the platform's administrative panel and implement a strong password policy.
CMSV6 vehicle monitoring platform in versions from v.7.31.0.2 to v.7.32.0.3.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H