CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-25278

FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle attacks to capture HTTP cookie authentication information during network communication.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 15.1%

CVSS Severity

CVSS v3 Score 7.5

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/163192
https://packetstormsecurity.com/files/153498
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5528.php

Products affected by CVE-2019-25278

Iwt » Facesentry Access Control System » Version: N/A

cpe:2.3:h:iwt:facesentry_access_control_system:-
Iwt » Facesentry Access Control System Firmware » Version: 5.7.0

cpe:2.3:o:iwt:facesentry_access_control_system_firmware:5.7.0
Iwt » Facesentry Access Control System Firmware » Version: 5.7.2

cpe:2.3:o:iwt:facesentry_access_control_system_firmware:5.7.2
Iwt » Facesentry Access Control System Firmware » Version: 6.4.8

cpe:2.3:o:iwt:facesentry_access_control_system_firmware:6.4.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-25278

Products

Pricing

Contact Us