In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-11T20:23:49
Updated: 2024-08-04T15:33:05.770Z
Reserved: 2020-09-14T00:00:00
Link: CVE-2020-25565
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-08-11T21:15:08.177
Modified: 2021-08-17T18:11:51.617
Link: CVE-2020-25565
Redhat
No data.