Vulnerability Details CVE-2020-11720
An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. During the installation, it sets up administrative access by default with the account admin and password 0000. After the installation, users/admins are not prompted to change this password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/160623/Programi-Bilanc-Build-007-Release-014-31.01.2020-Weak-Default-Password.html
- http://seclists.org/fulldisclosure/2020/Dec/34
- http://packetstormsecurity.com/files/160623/Programi-Bilanc-Build-007-Release-014-31.01.2020-Weak-Default-Password.html
- http://seclists.org/fulldisclosure/2020/Dec/34